Amazon Linux 2023 Security Advisory: ALAS-2023-227
Advisory Release Date: 2023-06-21 19:11 Pacific
Advisory Updated Date: 2023-06-27 20:58 Pacific
Severity:
Important
Issue Overview:
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.
This issue affects libeconf: before 0.5.2. (CVE-2023-22652)
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files
This issue affects libeconf: before 0.5.2. (CVE-2023-32181)
Affected Packages:
libeconf
Issue Correction:
Run dnf update libeconf --releasever 2023.1.20230628 to update your system.
New Packages:
aarch64:
libeconf-debugsource-0.4.0-1.amzn2023.0.3.aarch64
libeconf-utils-0.4.0-1.amzn2023.0.3.aarch64
libeconf-0.4.0-1.amzn2023.0.3.aarch64
libeconf-utils-debuginfo-0.4.0-1.amzn2023.0.3.aarch64
libeconf-debuginfo-0.4.0-1.amzn2023.0.3.aarch64
libeconf-devel-0.4.0-1.amzn2023.0.3.aarch64
src:
libeconf-0.4.0-1.amzn2023.0.3.src
x86_64:
libeconf-debuginfo-0.4.0-1.amzn2023.0.3.x86_64
libeconf-utils-debuginfo-0.4.0-1.amzn2023.0.3.x86_64
libeconf-utils-0.4.0-1.amzn2023.0.3.x86_64
libeconf-devel-0.4.0-1.amzn2023.0.3.x86_64
libeconf-0.4.0-1.amzn2023.0.3.x86_64
libeconf-debugsource-0.4.0-1.amzn2023.0.3.x86_64