Amazon Linux 2022 Security Advisory: ALAS-2022-081
Advisory Release Date: 2022-05-18 00:43 Pacific
Advisory Updated Date: 2022-05-19 18:37 Pacific
Severity:
Low
Issue Overview:
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". (CVE-2020-18442)
Affected Packages:
zziplib
Issue Correction:
Run dnf update --releasever=2022.0.20220518 zziplib to update your system.
New Packages:
aarch64:
zziplib-utils-0.13.72-1.amzn2022.0.1.aarch64
zziplib-debugsource-0.13.72-1.amzn2022.0.1.aarch64
zziplib-0.13.72-1.amzn2022.0.1.aarch64
zziplib-utils-debuginfo-0.13.72-1.amzn2022.0.1.aarch64
zziplib-debuginfo-0.13.72-1.amzn2022.0.1.aarch64
zziplib-devel-0.13.72-1.amzn2022.0.1.aarch64
src:
zziplib-0.13.72-1.amzn2022.0.1.src
x86_64:
zziplib-utils-debuginfo-0.13.72-1.amzn2022.0.1.x86_64
zziplib-debuginfo-0.13.72-1.amzn2022.0.1.x86_64
zziplib-utils-0.13.72-1.amzn2022.0.1.x86_64
zziplib-debugsource-0.13.72-1.amzn2022.0.1.x86_64
zziplib-0.13.72-1.amzn2022.0.1.x86_64
zziplib-devel-0.13.72-1.amzn2022.0.1.x86_64