ALAS2-2022-1899

Amazon Linux 2 Security Advisory: ALAS-2022-1899
Advisory Release Date: 2022-12-01 20:32 Pacific
Advisory Updated Date: 2022-12-06 22:38 Pacific
Severity: Medium
Issue Overview:

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. (CVE-2022-3821)


Affected Packages:

systemd


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update systemd to update your system.

New Packages:
aarch64:
    systemd-219-78.amzn2.0.21.aarch64
    systemd-libs-219-78.amzn2.0.21.aarch64
    systemd-devel-219-78.amzn2.0.21.aarch64
    systemd-sysv-219-78.amzn2.0.21.aarch64
    systemd-python-219-78.amzn2.0.21.aarch64
    libgudev1-219-78.amzn2.0.21.aarch64
    libgudev1-devel-219-78.amzn2.0.21.aarch64
    systemd-journal-gateway-219-78.amzn2.0.21.aarch64
    systemd-networkd-219-78.amzn2.0.21.aarch64
    systemd-resolved-219-78.amzn2.0.21.aarch64
    systemd-debuginfo-219-78.amzn2.0.21.aarch64

i686:
    systemd-219-78.amzn2.0.21.i686
    systemd-libs-219-78.amzn2.0.21.i686
    systemd-devel-219-78.amzn2.0.21.i686
    systemd-sysv-219-78.amzn2.0.21.i686
    systemd-python-219-78.amzn2.0.21.i686
    libgudev1-219-78.amzn2.0.21.i686
    libgudev1-devel-219-78.amzn2.0.21.i686
    systemd-journal-gateway-219-78.amzn2.0.21.i686
    systemd-networkd-219-78.amzn2.0.21.i686
    systemd-resolved-219-78.amzn2.0.21.i686
    systemd-debuginfo-219-78.amzn2.0.21.i686

src:
    systemd-219-78.amzn2.0.21.src

x86_64:
    systemd-219-78.amzn2.0.21.x86_64
    systemd-libs-219-78.amzn2.0.21.x86_64
    systemd-devel-219-78.amzn2.0.21.x86_64
    systemd-sysv-219-78.amzn2.0.21.x86_64
    systemd-python-219-78.amzn2.0.21.x86_64
    libgudev1-219-78.amzn2.0.21.x86_64
    libgudev1-devel-219-78.amzn2.0.21.x86_64
    systemd-journal-gateway-219-78.amzn2.0.21.x86_64
    systemd-networkd-219-78.amzn2.0.21.x86_64
    systemd-resolved-219-78.amzn2.0.21.x86_64
    systemd-debuginfo-219-78.amzn2.0.21.x86_64

Additional References

Red Hat: CVE-2022-3821

Mitre: CVE-2022-3821