Amazon Linux 2023 Security Advisory: ALAS-2023-246
Advisory Release Date: 2023-07-05 20:13 Pacific
Advisory Updated Date: 2023-07-20 00:56 Pacific
In libarchive 3.6.1, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails. This leads to a NULL pointer dereference or, in some cases, even arbitrary code execution. (CVE-2022-36227)
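The defect class described above, as an added example that is not libarchive's code and not part of the advisory: an unchecked calloc result beside a checked one, with a fault-injection switch so the failure path can be exercised in a test. The names struct filter, xcalloc, fail_alloc, filter_new_unchecked, filter_new_checked and chain_append are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object for illustration; not a libarchive structure. */
struct filter { char name[16]; struct filter *next; };

/* Fault-injection switch: non-zero makes xcalloc() simulate exhaustion. */
static int fail_alloc = 0;
static void *xcalloc(size_t n, size_t size) {
    return fail_alloc ? NULL : calloc(n, size);
}

/* Defect pattern: the calloc result is used without a check, so a failed
 * allocation turns into a write through a NULL pointer. */
struct filter *filter_new_unchecked(const char *name) {
    struct filter *f = xcalloc(1, sizeof(*f));
    snprintf(f->name, sizeof(f->name), "%s", name); /* NULL deref on failure */
    return f;
}

/* Hardened form: check the result and report failure before any use. */
struct filter *filter_new_checked(const char *name) {
    struct filter *f = xcalloc(1, sizeof(*f));
    if (f == NULL)
        return NULL;
    snprintf(f->name, sizeof(f->name), "%s", name);
    return f;
}

/* Caller that propagates the error and leaves its state unchanged. */
int chain_append(struct filter **head, const char *name) {
    struct filter *f = filter_new_checked(name);
    if (f == NULL)
        return -1;              /* out of memory: chain not modified */
    f->next = *head;
    *head = f;
    return 0;
}

int main(void) {
    struct filter *head = NULL;
    fail_alloc = 1;             /* simulated allocation failure */
    int rc = chain_append(&head, "gzip");
    printf("failure path: rc=%d head=%p\n", rc, (void *)head);
    fail_alloc = 0;             /* normal allocation */
    rc = chain_append(&head, "gzip");
    printf("success path: rc=%d name=%s\n", rc, head ? head->name : "(none)");
    free(head);
    return 0;
}
```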
Affected Packages:
libarchive
Issue Correction:
Run dnf update libarchive --releasever 2023.1.20230719 to update your system.
aarch64:
bsdcpio-debuginfo-3.5.3-2.amzn2023.0.3.aarch64
libarchive-debuginfo-3.5.3-2.amzn2023.0.3.aarch64
bsdtar-3.5.3-2.amzn2023.0.3.aarch64
bsdcat-debuginfo-3.5.3-2.amzn2023.0.3.aarch64
libarchive-debugsource-3.5.3-2.amzn2023.0.3.aarch64
bsdtar-debuginfo-3.5.3-2.amzn2023.0.3.aarch64
bsdcpio-3.5.3-2.amzn2023.0.3.aarch64
bsdcat-3.5.3-2.amzn2023.0.3.aarch64
libarchive-3.5.3-2.amzn2023.0.3.aarch64
libarchive-devel-3.5.3-2.amzn2023.0.3.aarch64
src:
libarchive-3.5.3-2.amzn2023.0.3.src
x86_64:
bsdcat-3.5.3-2.amzn2023.0.3.x86_64
libarchive-debuginfo-3.5.3-2.amzn2023.0.3.x86_64
bsdcpio-3.5.3-2.amzn2023.0.3.x86_64
bsdcpio-debuginfo-3.5.3-2.amzn2023.0.3.x86_64
bsdtar-debuginfo-3.5.3-2.amzn2023.0.3.x86_64
bsdtar-3.5.3-2.amzn2023.0.3.x86_64
libarchive-debugsource-3.5.3-2.amzn2023.0.3.x86_64
libarchive-3.5.3-2.amzn2023.0.3.x86_64
libarchive-devel-3.5.3-2.amzn2023.0.3.x86_64
bsdcat-debuginfo-3.5.3-2.amzn2023.0.3.x86_64