Amazon Linux 2022 Security Advisory: ALAS-2022-046
Advisory Release Date: 2022-04-19 01:21 Pacific
Advisory Updated Date: 2022-04-22 15:12 Pacific
Severity:
Important
Issue Overview:
An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived() function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server. (CVE-2022-21716)
Affected Packages:
python-twisted
Issue Correction:
Run dnf update --releasever=2022.0.20220419 python-twisted to update your system.
New Packages:
noarch:
python3-twisted+tls-22.2.0-117.amzn2022.0.1.noarch
python3-twisted-22.2.0-117.amzn2022.0.1.noarch
src:
python-twisted-22.2.0-117.amzn2022.0.1.src