Amazon Linux 2023 Security Advisory: ALAS-2023-025
Advisory Release Date: 2023-02-17 20:43 Pacific
Advisory Updated Date: 2023-02-22 23:55 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. (CVE-2021-3997)
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. (CVE-2022-4415)
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file. (CVE-2022-45873)
Affected Packages:
systemd
Issue Correction:
Run dnf update systemd --releasever=2023.0.20230222 to update your system.
aarch64:
systemd-resolved-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-standalone-sysusers-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-standalone-sysusers-252.4-1161.amzn2023.0.1.aarch64
systemd-pam-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-libs-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-udev-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-journal-remote-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-networkd-252.4-1161.amzn2023.0.1.aarch64
systemd-standalone-tmpfiles-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-container-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-networkd-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-container-252.4-1161.amzn2023.0.1.aarch64
systemd-pam-252.4-1161.amzn2023.0.1.aarch64
systemd-devel-252.4-1161.amzn2023.0.1.aarch64
systemd-resolved-252.4-1161.amzn2023.0.1.aarch64
systemd-libs-252.4-1161.amzn2023.0.1.aarch64
systemd-journal-remote-252.4-1161.amzn2023.0.1.aarch64
systemd-standalone-tmpfiles-252.4-1161.amzn2023.0.1.aarch64
systemd-tests-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-debugsource-252.4-1161.amzn2023.0.1.aarch64
systemd-udev-252.4-1161.amzn2023.0.1.aarch64
systemd-debuginfo-252.4-1161.amzn2023.0.1.aarch64
systemd-252.4-1161.amzn2023.0.1.aarch64
systemd-tests-252.4-1161.amzn2023.0.1.aarch64
noarch:
systemd-oomd-defaults-252.4-1161.amzn2023.0.1.noarch
systemd-rpm-macros-252.4-1161.amzn2023.0.1.noarch
src:
systemd-252.4-1161.amzn2023.0.1.src
x86_64:
systemd-resolved-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-udev-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-standalone-sysusers-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-journal-remote-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-networkd-252.4-1161.amzn2023.0.1.x86_64
systemd-networkd-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-libs-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-resolved-252.4-1161.amzn2023.0.1.x86_64
systemd-standalone-tmpfiles-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-pam-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-standalone-tmpfiles-252.4-1161.amzn2023.0.1.x86_64
systemd-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-devel-252.4-1161.amzn2023.0.1.x86_64
systemd-container-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-standalone-sysusers-252.4-1161.amzn2023.0.1.x86_64
systemd-libs-252.4-1161.amzn2023.0.1.x86_64
systemd-journal-remote-252.4-1161.amzn2023.0.1.x86_64
systemd-container-252.4-1161.amzn2023.0.1.x86_64
systemd-pam-252.4-1161.amzn2023.0.1.x86_64
systemd-udev-252.4-1161.amzn2023.0.1.x86_64
systemd-252.4-1161.amzn2023.0.1.x86_64
systemd-debugsource-252.4-1161.amzn2023.0.1.x86_64
systemd-tests-debuginfo-252.4-1161.amzn2023.0.1.x86_64
systemd-tests-252.4-1161.amzn2023.0.1.x86_64