ALAS-2024-2557

Amazon Linux 2 Security Advisory: ALAS-2024-2557
Advisory Release Date: 2024-05-23 22:04 Pacific
Advisory Updated Date: 2024-05-29 12:00 Pacific

Severity: Medium

References: CVE-2023-1183
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. (CVE-2023-1183)

Affected Packages:

hsqldb

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update hsqldb to update your system.

New Packages:

noarch:
    hsqldb-1.8.1.3-15.amzn2.0.3.noarch
    hsqldb-manual-1.8.1.3-15.amzn2.0.3.noarch
    hsqldb-javadoc-1.8.1.3-15.amzn2.0.3.noarch
    hsqldb-demo-1.8.1.3-15.amzn2.0.3.noarch

src:
    hsqldb-1.8.1.3-15.amzn2.0.3.src

Additional References

Red Hat: CVE-2023-1183

Mitre: CVE-2023-1183

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-2557

Additional References