Amazon Linux 2023 Security Advisory: ALAS2023-2026-1923
Advisory Released Date: 2026-07-07
Advisory Updated Date: 2026-07-07
FAQs regarding Amazon Linux ALAS/CVE Severity
The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size. (CVE-2026-46601)
The TIFF decoder does not set a limit on the size of tiles in tiled images, permitting a malicious or corrupt image containing a very large tile to cause unbounded memory consumption. (CVE-2026-46602)
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset. (CVE-2026-46604)
Affected Packages:
rclone
Issue Correction:
Run dnf update rclone --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1923 --releasever 2023.12.20260706 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
rclone-debuginfo-1.74.3-82.amzn2023.aarch64
rclone-1.74.3-82.amzn2023.aarch64
rclone-debugsource-1.74.3-82.amzn2023.aarch64
src:
rclone-1.74.3-82.amzn2023.src
x86_64:
rclone-debuginfo-1.74.3-82.amzn2023.x86_64
rclone-1.74.3-82.amzn2023.x86_64
rclone-debugsource-1.74.3-82.amzn2023.x86_64