ALASANSIBLE2-2023-010

Amazon Linux 2 Security Advisory: ALASANSIBLE2-2023-010
Advisory Release Date: 2023-09-14 04:28 Pacific
Advisory Updated Date: 2023-09-25 22:14 Pacific

Severity: Medium

References: CVE-2023-36328
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). (CVE-2023-36328)

Affected Packages:

libtommath

Note:

This advisory is applicable to Amazon Linux 2 - Ansible2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libtommath to update your system.

New Packages:

aarch64:
    libtommath-1.0.1-4.amzn2.0.2.aarch64
    libtommath-devel-1.0.1-4.amzn2.0.2.aarch64
    libtommath-debuginfo-1.0.1-4.amzn2.0.2.aarch64

i686:
    libtommath-1.0.1-4.amzn2.0.2.i686
    libtommath-devel-1.0.1-4.amzn2.0.2.i686
    libtommath-debuginfo-1.0.1-4.amzn2.0.2.i686

src:
    libtommath-1.0.1-4.amzn2.0.2.src

x86_64:
    libtommath-1.0.1-4.amzn2.0.2.x86_64
    libtommath-devel-1.0.1-4.amzn2.0.2.x86_64
    libtommath-debuginfo-1.0.1-4.amzn2.0.2.x86_64

Additional References

Red Hat: CVE-2023-36328

Mitre: CVE-2023-36328

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALASANSIBLE2-2023-010

Additional References