ALAS-2022-257

Amazon Linux 2022 Security Advisory: ALAS-2022-257
Advisory Release Date: 2022-12-06 16:45 Pacific
Advisory Updated Date: 2022-12-06 16:45 Pacific

Severity: Medium

References: CVE-2022-40303 CVE-2022-40304
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Affected Packages:

xmlsec1

Issue Correction:
Run yum update xmlsec1 to update your system.

New Packages:

aarch64:
    xmlsec1-openssl-debuginfo-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-openssl-devel-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-debuginfo-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-debugsource-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-openssl-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-1.2.33-3.amzn2022.0.1.aarch64
    xmlsec1-devel-1.2.33-3.amzn2022.0.1.aarch64

src:
    xmlsec1-1.2.33-3.amzn2022.0.1.src

x86_64:
    xmlsec1-debuginfo-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-openssl-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-openssl-devel-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-openssl-debuginfo-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-devel-1.2.33-3.amzn2022.0.1.x86_64
    xmlsec1-debugsource-1.2.33-3.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2022-40303, CVE-2022-40304

Mitre: CVE-2022-40303, CVE-2022-40304

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2022-257

Additional References