ALAS2023-2023-088

Amazon Linux 2023 Security Advisory: ALAS-2023-088
Advisory Release Date: 2023-02-17 20:47 Pacific
Advisory Updated Date: 2023-02-22 23:28 Pacific

Severity: Important

References: CVE-2022-3515
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. (CVE-2022-3515)

Affected Packages:

libksba

Issue Correction:
Run dnf update libksba --releasever=2023.0.20230222 to update your system.

New Packages:

aarch64:
    libksba-devel-1.6.3-1.amzn2023.0.2.aarch64
    libksba-debuginfo-1.6.3-1.amzn2023.0.2.aarch64
    libksba-debugsource-1.6.3-1.amzn2023.0.2.aarch64
    libksba-1.6.3-1.amzn2023.0.2.aarch64

src:
    libksba-1.6.3-1.amzn2023.0.2.src

x86_64:
    libksba-debuginfo-1.6.3-1.amzn2023.0.2.x86_64
    libksba-debugsource-1.6.3-1.amzn2023.0.2.x86_64
    libksba-1.6.3-1.amzn2023.0.2.x86_64
    libksba-devel-1.6.3-1.amzn2023.0.2.x86_64

Additional References

Red Hat: CVE-2022-3515

Mitre: CVE-2022-3515

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-088

Additional References