Amazon Linux 2 Security Advisory: ALAS-2023-2022
Advisory Release Date: 2023-04-27 18:36 Pacific
Advisory Updated Date: 2023-05-02 19:18 Pacific
Severity:
Medium
Issue Overview:
The Ruby on Rails advisory describes this vulnerability as follows:
Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. (CVE-2023-27539)
Affected Packages:
pcs
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update pcs to update your system.
New Packages:
aarch64:
pcs-0.9.169-3.amzn2.3.0.2.aarch64
pcs-snmp-0.9.169-3.amzn2.3.0.2.aarch64
pcs-debuginfo-0.9.169-3.amzn2.3.0.2.aarch64
i686:
pcs-0.9.169-3.amzn2.3.0.2.i686
pcs-snmp-0.9.169-3.amzn2.3.0.2.i686
pcs-debuginfo-0.9.169-3.amzn2.3.0.2.i686
src:
pcs-0.9.169-3.amzn2.3.0.2.src
x86_64:
pcs-0.9.169-3.amzn2.3.0.2.x86_64
pcs-snmp-0.9.169-3.amzn2.3.0.2.x86_64
pcs-debuginfo-0.9.169-3.amzn2.3.0.2.x86_64