ALAS2023-2023-143

Amazon Linux 2023 Security Advisory: ALAS-2023-143
Advisory Release Date: 2023-03-20 18:27 Pacific
Advisory Updated Date: 2023-03-22 23:18 Pacific

Severity: Low

References: CVE-2022-36109
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. (CVE-2022-36109)

Affected Packages:

docker

Issue Correction:
Run dnf update --releasever=2023.0.20230322 docker to update your system.

New Packages:

aarch64:
    docker-debuginfo-20.10.17-1.amzn2023.0.6.aarch64
    docker-20.10.17-1.amzn2023.0.6.aarch64
    docker-debugsource-20.10.17-1.amzn2023.0.6.aarch64

src:
    docker-20.10.17-1.amzn2023.0.6.src

x86_64:
    docker-debuginfo-20.10.17-1.amzn2023.0.6.x86_64
    docker-20.10.17-1.amzn2023.0.6.x86_64
    docker-debugsource-20.10.17-1.amzn2023.0.6.x86_64

Additional References

Red Hat: CVE-2022-36109

Mitre: CVE-2022-36109

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-143

Additional References