Amazon Linux 2023 Security Advisory: ALAS2023-2026-1798
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processing this crafted signature could lead to a denial of service in automated package or repository processing workflows. (CVE-2026-48863)
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. (CVE-2026-48864)
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS). (CVE-2026-9149)
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system. (CVE-2026-9150)
Affected Packages:
libsolv
Issue Correction:
Run `dnf update libsolv --releasever 2023.12.20260608` or `dnf update --advisory ALAS2023-2026-1798 --releasever 2023.12.20260608` to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
libsolv-tools-0.7.22-1.amzn2023.0.4.aarch64
python3-solv-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
libsolv-demo-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
libsolv-demo-0.7.22-1.amzn2023.0.4.aarch64
libsolv-debugsource-0.7.22-1.amzn2023.0.4.aarch64
libsolv-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
ruby-solv-0.7.22-1.amzn2023.0.4.aarch64
perl-solv-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
python3-solv-0.7.22-1.amzn2023.0.4.aarch64
libsolv-0.7.22-1.amzn2023.0.4.aarch64
perl-solv-0.7.22-1.amzn2023.0.4.aarch64
libsolv-devel-0.7.22-1.amzn2023.0.4.aarch64
ruby-solv-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
libsolv-tools-debuginfo-0.7.22-1.amzn2023.0.4.aarch64
src:
libsolv-0.7.22-1.amzn2023.0.4.src
x86_64:
libsolv-demo-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
libsolv-demo-0.7.22-1.amzn2023.0.4.x86_64
libsolv-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
libsolv-debugsource-0.7.22-1.amzn2023.0.4.x86_64
ruby-solv-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
libsolv-tools-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
libsolv-tools-0.7.22-1.amzn2023.0.4.x86_64
python3-solv-0.7.22-1.amzn2023.0.4.x86_64
libsolv-devel-0.7.22-1.amzn2023.0.4.x86_64
libsolv-0.7.22-1.amzn2023.0.4.x86_64
perl-solv-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
python3-solv-debuginfo-0.7.22-1.amzn2023.0.4.x86_64
perl-solv-0.7.22-1.amzn2023.0.4.x86_64
ruby-solv-0.7.22-1.amzn2023.0.4.x86_64
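To confirm that a host has picked up the fix, the installed libsolv packages can be compared with the fixed build listed above. The script below is an added example, not part of the advisory; the function names and the sample inventory are constructed, and GNU `sort -V` is assumed to be an adequate stand-in for rpm's own version comparison for these epoch-less builds.

```shell
#!/bin/sh
# Added example (not from the advisory): flag libsolv-family packages that are
# older than the fixed build published in ALAS2023-2026-1798.
FIXED_EVR="0.7.22-1.amzn2023.0.4"   # version-release taken from the package list

# evr_ge A B: succeeds when A >= B.
# Assumption: `sort -V` approximates rpm version ordering for this package.
evr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_libsolv: reads "name version-release" lines on stdin, prints every
# libsolv-family package below FIXED_EVR, and returns 1 if any was found.
audit_libsolv() {
    _bad=0
    while read -r _name _evr; do
        case "$_name" in
            libsolv*|python3-solv*|perl-solv*|ruby-solv*) ;;
            *) continue ;;   # unrelated package, not covered by this advisory
        esac
        if ! evr_ge "$_evr" "$FIXED_EVR"; then
            printf 'VULNERABLE %s %s (fixed in %s)\n' "$_name" "$_evr" "$FIXED_EVR"
            _bad=1
        fi
    done
    return "$_bad"
}

# Constructed sample inventory, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE="libsolv 0.7.22-1.amzn2023.0.3
python3-solv 0.7.22-1.amzn2023.0.4
bash 5.2.15-1.amzn2023.0.2"

# Demo run on the constructed sample; on a real host, pipe the rpm query
# shown above into audit_libsolv instead.
printf '%s\n' "$SAMPLE" | audit_libsolv || true
```

A non-zero return from `audit_libsolv` means at least one package still needs the update described under Issue Correction.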