Amazon Linux 2022 Security Advisory: ALAS-2022-162
Advisory Release Date: 2022-11-01 21:23 Pacific
Advisory Updated Date: 2022-11-03 21:03 Pacific
Severity:
Low
Issue Overview:
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". (CVE-2020-18442)
Affected Packages:
zziplib
Issue Correction:
Run dnf update zziplib --releasever=2022.0.20221102 to update your system.
New Packages:
aarch64:
zziplib-debugsource-0.13.72-1.amzn2022.0.2.aarch64
zziplib-debuginfo-0.13.72-1.amzn2022.0.2.aarch64
zziplib-utils-0.13.72-1.amzn2022.0.2.aarch64
zziplib-0.13.72-1.amzn2022.0.2.aarch64
zziplib-utils-debuginfo-0.13.72-1.amzn2022.0.2.aarch64
zziplib-devel-0.13.72-1.amzn2022.0.2.aarch64
src:
zziplib-0.13.72-1.amzn2022.0.2.src
x86_64:
zziplib-utils-debuginfo-0.13.72-1.amzn2022.0.2.x86_64
zziplib-debuginfo-0.13.72-1.amzn2022.0.2.x86_64
zziplib-debugsource-0.13.72-1.amzn2022.0.2.x86_64
zziplib-utils-0.13.72-1.amzn2022.0.2.x86_64
zziplib-devel-0.13.72-1.amzn2022.0.2.x86_64
zziplib-0.13.72-1.amzn2022.0.2.x86_64