Amazon Linux 2 Security Advisory: ALAS2-2026-3133
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05
Severity:
Medium
Issue Overview:
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue. (CVE-2025-67873)
Affected Packages:
capstone
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update capstone or yum update --advisory ALAS2-2026-3133 to update your system.
New Packages:
aarch64:
capstone-3.0.5-1.amzn2.0.1.aarch64
capstone-devel-3.0.5-1.amzn2.0.1.aarch64
python2-capstone-3.0.5-1.amzn2.0.1.aarch64
capstone-debuginfo-3.0.5-1.amzn2.0.1.aarch64
i686:
capstone-3.0.5-1.amzn2.0.1.i686
capstone-devel-3.0.5-1.amzn2.0.1.i686
python2-capstone-3.0.5-1.amzn2.0.1.i686
capstone-debuginfo-3.0.5-1.amzn2.0.1.i686
noarch:
capstone-java-3.0.5-1.amzn2.0.1.noarch
src:
capstone-3.0.5-1.amzn2.0.1.src
x86_64:
capstone-3.0.5-1.amzn2.0.1.x86_64
capstone-devel-3.0.5-1.amzn2.0.1.x86_64
python2-capstone-3.0.5-1.amzn2.0.1.x86_64
capstone-debuginfo-3.0.5-1.amzn2.0.1.x86_64