Amazon Linux 2023 Security Advisory: ALAS-2023-006
Advisory Release Date: 2023-02-17 20:42 Pacific
Advisory Updated Date: 2023-02-23 00:00 Pacific
Severity:
Low
Issue Overview:
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". (CVE-2020-18442)
Affected Packages:
zziplib
Issue Correction:
Run dnf update zziplib --releasever=2023.0.20230222 to update your system.
New Packages:
aarch64:
zziplib-utils-0.13.72-1.amzn2023.0.3.aarch64
zziplib-debugsource-0.13.72-1.amzn2023.0.3.aarch64
zziplib-debuginfo-0.13.72-1.amzn2023.0.3.aarch64
zziplib-0.13.72-1.amzn2023.0.3.aarch64
zziplib-devel-0.13.72-1.amzn2023.0.3.aarch64
zziplib-utils-debuginfo-0.13.72-1.amzn2023.0.3.aarch64
src:
zziplib-0.13.72-1.amzn2023.0.3.src
x86_64:
zziplib-debugsource-0.13.72-1.amzn2023.0.3.x86_64
zziplib-utils-debuginfo-0.13.72-1.amzn2023.0.3.x86_64
zziplib-utils-0.13.72-1.amzn2023.0.3.x86_64
zziplib-debuginfo-0.13.72-1.amzn2023.0.3.x86_64
zziplib-0.13.72-1.amzn2023.0.3.x86_64
zziplib-devel-0.13.72-1.amzn2023.0.3.x86_64