Amazon Linux 2023 Security Advisory: ALAS-2023-129
Advisory Release Date: 2023-03-11 01:10 Pacific
Advisory Updated Date: 2023-03-14 17:28 Pacific
Severity:
Important
Issue Overview:
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks. (CVE-2022-31394)
Affected Packages:
aws-nitro-enclaves-cli
Issue Correction:
Run dnf update aws-nitro-enclaves-cli --releasever=2023.0.20230315 to update your system.
New Packages:
aarch64:
aws-nitro-enclaves-cli-devel-1.2.2-0.amzn2023.aarch64
aws-nitro-enclaves-cli-integration-tests-1.2.2-0.amzn2023.aarch64
aws-nitro-enclaves-cli-1.2.2-0.amzn2023.aarch64
src:
aws-nitro-enclaves-cli-1.2.2-0.amzn2023.src
x86_64:
aws-nitro-enclaves-cli-devel-1.2.2-0.amzn2023.x86_64
aws-nitro-enclaves-cli-integration-tests-1.2.2-0.amzn2023.x86_64
aws-nitro-enclaves-cli-1.2.2-0.amzn2023.x86_64