Amazon Linux 2 Security Advisory: ALAS-2022-1807
Advisory Release Date: 2022-07-06 02:44 Pacific
Advisory Updated Date: 2022-07-14 21:49 Pacific
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability. (CVE-2022-24675)
Affected Packages:
amazon-ssm-agent
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update amazon-ssm-agent to update your system.
aarch64:
amazon-ssm-agent-3.1.1575.0-1.amzn2.aarch64
amazon-ssm-agent-debuginfo-3.1.1575.0-1.amzn2.aarch64
src:
amazon-ssm-agent-3.1.1575.0-1.amzn2.src
x86_64:
amazon-ssm-agent-3.1.1575.0-1.amzn2.x86_64
amazon-ssm-agent-debuginfo-3.1.1575.0-1.amzn2.x86_64
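
To confirm that a host has picked up the corrected build, the following check compares the installed amazon-ssm-agent against the 3.1.1575.0-1.amzn2 packages listed above. It is an added example, not part of the original advisory; the function names are illustrative and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example, not part of the advisory. FIXED_VR is the version-release of
# the amazon-ssm-agent packages listed in ALAS-2022-1807.
FIXED_VR="3.1.1575.0-1.amzn2"

# Strip the package name and trailing arch from an rpm -q line (NVRA -> VR).
nvra_to_vr() {
    printf '%s\n' "$1" |
        sed -E -e 's/^amazon-ssm-agent-//' -e 's/\.(x86_64|aarch64|src)$//'
}

# Succeeds when version-release $1 is >= $2. Assumption: GNU sort -V ordering
# is close enough to RPM ordering for these dotted numeric versions (no epoch).
vr_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Map one line of `rpm -q amazon-ssm-agent` output to a status word.
classify_ssm_agent() {
    case "$1" in
        amazon-ssm-agent-[0-9]*) ;;                 # looks like an NVRA line
        *) echo "not-installed"; return 0 ;;        # rpm error text or empty
    esac
    if vr_at_least "$(nvra_to_vr "$1")" "$FIXED_VR"; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# On a real AL2 host: classify whatever rpm reports for the package.
check_host() {
    classify_ssm_agent "$(rpm -q amazon-ssm-agent 2>/dev/null)"
}

# Constructed sample inputs (not real host output), so this runs anywhere.
for sample in \
    "amazon-ssm-agent-3.1.1501.0-1.amzn2.x86_64" \
    "amazon-ssm-agent-3.1.1575.0-1.amzn2.aarch64" \
    "package amazon-ssm-agent is not installed"
do
    printf '%-50s %s\n' "$sample" "$(classify_ssm_agent "$sample")"
done
```

On an AL2 host, call check_host; a needs-update result is resolved by the yum update command given under Issue Correction.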