Amazon Linux 2023 Security Advisory: ALAS2023-2026-1616
Advisory Released Date: 2026-04-30
Advisory Updated Date: 2026-04-30
Severity:
Low
Issue Overview:
A flaw was found in zlib. An attacker providing specially crafted input to the crc32_combine64 or crc32_combine_gen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system. (CVE-2026-27171)
Affected Packages:
nodejs22
Issue Correction:
Run dnf update nodejs22 --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1616 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
nodejs22-libs-debuginfo-22.22.2-1.amzn2023.0.2.aarch64
nodejs22-debuginfo-22.22.2-1.amzn2023.0.2.aarch64
nodejs22-libs-22.22.2-1.amzn2023.0.2.aarch64
nodejs22-full-i18n-22.22.2-1.amzn2023.0.2.aarch64
v8-12.4-devel-12.4.254.21-1.22.22.2.1.amzn2023.0.2.aarch64
nodejs22-22.22.2-1.amzn2023.0.2.aarch64
nodejs22-devel-22.22.2-1.amzn2023.0.2.aarch64
nodejs22-npm-10.9.7-1.22.22.2.1.amzn2023.0.2.aarch64
nodejs22-debugsource-22.22.2-1.amzn2023.0.2.aarch64
noarch:
nodejs22-docs-22.22.2-1.amzn2023.0.2.noarch
src:
nodejs22-22.22.2-1.amzn2023.0.2.src
x86_64:
nodejs22-libs-debuginfo-22.22.2-1.amzn2023.0.2.x86_64
nodejs22-devel-22.22.2-1.amzn2023.0.2.x86_64
v8-12.4-devel-12.4.254.21-1.22.22.2.1.amzn2023.0.2.x86_64
nodejs22-full-i18n-22.22.2-1.amzn2023.0.2.x86_64
nodejs22-libs-22.22.2-1.amzn2023.0.2.x86_64
nodejs22-22.22.2-1.amzn2023.0.2.x86_64
nodejs22-npm-10.9.7-1.22.22.2.1.amzn2023.0.2.x86_64
nodejs22-debugsource-22.22.2-1.amzn2023.0.2.x86_64
nodejs22-debuginfo-22.22.2-1.amzn2023.0.2.x86_64