Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2023-021
Advisory Release Date: 2023-03-17 16:45 Pacific
Advisory Updated Date: 2023-03-21 21:43 Pacific
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. (CVE-2022-31394)
Affected Packages:
aws-nitro-enclaves-cli
Note:
This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update aws-nitro-enclaves-cli to update your system.
aarch64:
aws-nitro-enclaves-cli-1.2.2-0.amzn2.aarch64
aws-nitro-enclaves-cli-integration-tests-1.2.2-0.amzn2.aarch64
aws-nitro-enclaves-cli-devel-1.2.2-0.amzn2.aarch64
aws-nitro-enclaves-cli-debuginfo-1.2.2-0.amzn2.aarch64
src:
aws-nitro-enclaves-cli-1.2.2-0.amzn2.src
x86_64:
aws-nitro-enclaves-cli-1.2.2-0.amzn2.x86_64
aws-nitro-enclaves-cli-integration-tests-1.2.2-0.amzn2.x86_64
aws-nitro-enclaves-cli-devel-1.2.2-0.amzn2.x86_64
aws-nitro-enclaves-cli-debuginfo-1.2.2-0.amzn2.x86_64
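
To confirm the update took effect, the following added example (not part of the Amazon advisory) flags any of the four packages listed above that are older than the 1.2.2-0.amzn2 build. The function names classify_nvra and audit are hypothetical; it assumes GNU sort -V as an approximation of RPM version ordering and ignores epochs.

```bash
#!/usr/bin/env bash
# Added example: flag aws-nitro-enclaves-cli packages older than the build
# listed in ALASNITRO-ENCLAVES-2023-021. Helper names are hypothetical.
FIXED_VR="1.2.2-0.amzn2"   # version-release taken from the advisory's package list

# classify_nvra NAME-VERSION-RELEASE.ARCH  ->  prints "<name> <status>"
classify_nvra() {
    local nvra="$1" nvr rest release version name vr lowest
    nvr=${nvra%.*}          # drop the trailing .arch
    release=${nvr##*-}      # text after the last '-'
    rest=${nvr%-*}
    version=${rest##*-}     # text after the second-to-last '-'
    name=${rest%-*}
    case "$name" in
        aws-nitro-enclaves-cli|aws-nitro-enclaves-cli-devel|\
        aws-nitro-enclaves-cli-integration-tests|aws-nitro-enclaves-cli-debuginfo) ;;
        *) echo "$name not-listed"; return 0 ;;
    esac
    vr="$version-$release"
    # Assumption: sort -V stands in for RPM's own version comparison.
    lowest=$(printf '%s\n' "$vr" "$FIXED_VR" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_VR" ]; then
        echo "$name ok"             # installed build is the fixed one or newer
    else
        echo "$name needs-update"   # installed build predates the fixed one
    fi
}

# audit: read one NVRA per line on stdin, print each status,
# and return 1 if any listed package still needs the update.
audit() {
    local line status rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        status=$(classify_nvra "$line")
        echo "$status"
        case "$status" in *needs-update) rc=1 ;; esac
    done
    return $rc
}

# On a host:  rpm -qa 'aws-nitro-enclaves-cli*' | audit
```

A non-zero exit status from audit means at least one listed package still needs the yum update described under Issue Correction.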