Amazon Linux 2023 Security Advisory: ALAS2023-2026-1608
Advisory Released Date: 2026-04-30
Advisory Updated Date: 2026-04-30
Severity:
Low
Issue Overview:
A flaw was found in zlib. An attacker providing specially crafted input to the crc32_combine64 or crc32_combine_gen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system. (CVE-2026-27171)
Affected Packages:
nodejs20
Issue Correction:
Run dnf update nodejs20 --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1608 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
nodejs20-libs-debuginfo-20.20.2-1.amzn2023.0.2.aarch64
nodejs20-libs-20.20.2-1.amzn2023.0.2.aarch64
nodejs20-debuginfo-20.20.2-1.amzn2023.0.2.aarch64
nodejs20-full-i18n-20.20.2-1.amzn2023.0.2.aarch64
nodejs20-devel-20.20.2-1.amzn2023.0.2.aarch64
nodejs20-20.20.2-1.amzn2023.0.2.aarch64
v8-11.3-devel-11.3.244.8-1.20.20.2.1.amzn2023.0.2.aarch64
nodejs20-npm-10.8.2-1.20.20.2.1.amzn2023.0.2.aarch64
nodejs20-debugsource-20.20.2-1.amzn2023.0.2.aarch64
noarch:
nodejs20-docs-20.20.2-1.amzn2023.0.2.noarch
src:
nodejs20-20.20.2-1.amzn2023.0.2.src
x86_64:
nodejs20-libs-debuginfo-20.20.2-1.amzn2023.0.2.x86_64
nodejs20-devel-20.20.2-1.amzn2023.0.2.x86_64
nodejs20-full-i18n-20.20.2-1.amzn2023.0.2.x86_64
nodejs20-libs-20.20.2-1.amzn2023.0.2.x86_64
nodejs20-debuginfo-20.20.2-1.amzn2023.0.2.x86_64
v8-11.3-devel-11.3.244.8-1.20.20.2.1.amzn2023.0.2.x86_64
nodejs20-20.20.2-1.amzn2023.0.2.x86_64
nodejs20-npm-10.8.2-1.20.20.2.1.amzn2023.0.2.x86_64
nodejs20-debugsource-20.20.2-1.amzn2023.0.2.x86_64