ALAS2023-2023-200

Amazon Linux 2023 Security Advisory: ALAS-2023-200
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 20:09 Pacific

Severity: Medium

References: CVE-2022-38750
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. (CVE-2022-38750)

Affected Packages:

snakeyaml

Issue Correction:
Run dnf update snakeyaml --releasever 2023.0.20230607 to update your system.

New Packages:

noarch:
    snakeyaml-1.27-6.amzn2023.0.2.noarch
    snakeyaml-javadoc-1.27-6.amzn2023.0.2.noarch

src:
    snakeyaml-1.27-6.amzn2023.0.2.src

Additional References

Red Hat: CVE-2022-38750

Mitre: CVE-2022-38750

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-200

Additional References