ALAS2-2023-1920

Amazon Linux 2 Security Advisory: ALAS-2023-1920
Advisory Release Date: 2023-01-30 16:02 Pacific
Advisory Updated Date: 2023-02-04 18:25 Pacific
Severity: Low
Issue Overview:

** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. (CVE-2021-37600)


Affected Packages:

util-linux


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update util-linux to update your system.

New Packages:
aarch64:
    util-linux-2.30.2-2.amzn2.0.11.aarch64
    libfdisk-2.30.2-2.amzn2.0.11.aarch64
    libfdisk-devel-2.30.2-2.amzn2.0.11.aarch64
    libsmartcols-2.30.2-2.amzn2.0.11.aarch64
    libsmartcols-devel-2.30.2-2.amzn2.0.11.aarch64
    libmount-2.30.2-2.amzn2.0.11.aarch64
    libmount-devel-2.30.2-2.amzn2.0.11.aarch64
    libblkid-2.30.2-2.amzn2.0.11.aarch64
    libblkid-devel-2.30.2-2.amzn2.0.11.aarch64
    libuuid-2.30.2-2.amzn2.0.11.aarch64
    libuuid-devel-2.30.2-2.amzn2.0.11.aarch64
    uuidd-2.30.2-2.amzn2.0.11.aarch64
    python-libmount-2.30.2-2.amzn2.0.11.aarch64
    util-linux-user-2.30.2-2.amzn2.0.11.aarch64
    util-linux-debuginfo-2.30.2-2.amzn2.0.11.aarch64

i686:
    util-linux-2.30.2-2.amzn2.0.11.i686
    libfdisk-2.30.2-2.amzn2.0.11.i686
    libfdisk-devel-2.30.2-2.amzn2.0.11.i686
    libsmartcols-2.30.2-2.amzn2.0.11.i686
    libsmartcols-devel-2.30.2-2.amzn2.0.11.i686
    libmount-2.30.2-2.amzn2.0.11.i686
    libmount-devel-2.30.2-2.amzn2.0.11.i686
    libblkid-2.30.2-2.amzn2.0.11.i686
    libblkid-devel-2.30.2-2.amzn2.0.11.i686
    libuuid-2.30.2-2.amzn2.0.11.i686
    libuuid-devel-2.30.2-2.amzn2.0.11.i686
    uuidd-2.30.2-2.amzn2.0.11.i686
    python-libmount-2.30.2-2.amzn2.0.11.i686
    util-linux-user-2.30.2-2.amzn2.0.11.i686
    util-linux-debuginfo-2.30.2-2.amzn2.0.11.i686

src:
    util-linux-2.30.2-2.amzn2.0.11.src

x86_64:
    util-linux-2.30.2-2.amzn2.0.11.x86_64
    libfdisk-2.30.2-2.amzn2.0.11.x86_64
    libfdisk-devel-2.30.2-2.amzn2.0.11.x86_64
    libsmartcols-2.30.2-2.amzn2.0.11.x86_64
    libsmartcols-devel-2.30.2-2.amzn2.0.11.x86_64
    libmount-2.30.2-2.amzn2.0.11.x86_64
    libmount-devel-2.30.2-2.amzn2.0.11.x86_64
    libblkid-2.30.2-2.amzn2.0.11.x86_64
    libblkid-devel-2.30.2-2.amzn2.0.11.x86_64
    libuuid-2.30.2-2.amzn2.0.11.x86_64
    libuuid-devel-2.30.2-2.amzn2.0.11.x86_64
    uuidd-2.30.2-2.amzn2.0.11.x86_64
    python-libmount-2.30.2-2.amzn2.0.11.x86_64
    util-linux-user-2.30.2-2.amzn2.0.11.x86_64
    util-linux-debuginfo-2.30.2-2.amzn2.0.11.x86_64

Additional References

Red Hat: CVE-2021-37600

Mitre: CVE-2021-37600