ALAS2-2026-3148

Amazon Linux 2 Security Advisory: ALAS2-2026-3148
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05

Severity: Important

References: CVE-2026-23490
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2. (CVE-2026-23490)

Affected Packages:

python-pyasn1

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update python-pyasn1 or yum update --advisory ALAS2-2026-3148 to update your system.

New Packages:

noarch:
    python2-pyasn1-0.1.9-7.amzn2.0.3.noarch
    python2-pyasn1-modules-0.1.9-7.amzn2.0.3.noarch
    python3-pyasn1-0.1.9-7.amzn2.0.3.noarch
    python3-pyasn1-modules-0.1.9-7.amzn2.0.3.noarch

src:
    python-pyasn1-0.1.9-7.amzn2.0.3.src

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2026-23490

Mitre: CVE-2026-23490