ALAS2023-2023-266


Amazon Linux 2023 Security Advisory: ALAS-2023-266
Advisory Release Date: 2023-07-19 21:24 Pacific
Advisory Updated Date: 2023-07-26 23:51 Pacific
Severity: Medium

Issue Overview:

janino 3.1.9 and earlier are subject to denial of service (DoS) attacks when using the expression evaluator's guessParameterNames method (ExpressionEvaluator.guessParameterNames). If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. (CVE-2023-33546)
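Updating to the fixed package is the correction; the wrapper below is an added defence-in-depth example for code that must keep calling guessParameterNames on untrusted input in the meantime. It is not part of the advisory or of the Janino project; the length cap and the worker thread stack size are assumed values chosen for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import org.codehaus.commons.compiler.CompileException;
import org.codehaus.janino.ExpressionEvaluator;
import org.codehaus.janino.Scanner;

/** Guarded call to ExpressionEvaluator.guessParameterNames (constructed example). */
public final class GuardedParameterNameGuesser {
    private static final int MAX_EXPRESSION_LENGTH = 4096;       // assumed cap on untrusted input
    private static final long PARSER_STACK_BYTES = 512L * 1024;  // assumed; JVM may round or ignore

    public static String[] guessParameterNames(String expression) throws CompileException, IOException {
        // Reject oversized input before it ever reaches the recursive-descent parser.
        if (expression == null || expression.length() > MAX_EXPRESSION_LENGTH) {
            throw new IllegalArgumentException("expression rejected: null or longer than " + MAX_EXPRESSION_LENGTH);
        }
        final String[][] result = new String[1][];
        final Throwable[] failure = new Throwable[1];
        // Parse on a dedicated thread with a small stack: a StackOverflowError is confined
        // there instead of unwinding the caller's (e.g. request handler's) stack.
        Thread worker = new Thread(null, () -> {
            try {
                result[0] = ExpressionEvaluator.guessParameterNames(new Scanner(null, new StringReader(expression)));
            } catch (Throwable t) {
                failure[0] = t;
            }
        }, "janino-guess-parameter-names", PARSER_STACK_BYTES);
        worker.start();
        try {
            worker.join();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("interrupted while parsing expression", e);
        }
        // Map the crash into an ordinary rejection; rethrow the parser's own checked exceptions.
        if (failure[0] instanceof StackOverflowError) {
            throw new IllegalArgumentException("expression rejected: parser recursion limit exceeded");
        }
        if (failure[0] instanceof CompileException) throw (CompileException) failure[0];
        if (failure[0] instanceof IOException) throw (IOException) failure[0];
        if (failure[0] != null) throw new IllegalStateException("unexpected parser failure", failure[0]);
        return result[0];
    }
}
```

Log the rejection with the caller's identity so repeated oversized or deeply nested expressions are visible to detection, and remove the wrapper once the patched janino package is deployed everywhere.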


Affected Packages:

janino


Issue Correction:
Run dnf update janino --releasever 2023.1.20230725 to update your system.

New Packages:
noarch:
    commons-compiler-3.1.7-1.amzn2023.0.2.noarch
    commons-compiler-jdk-3.1.7-1.amzn2023.0.2.noarch
    janino-3.1.7-1.amzn2023.0.2.noarch
    janino-javadoc-3.1.7-1.amzn2023.0.2.noarch

src:
    janino-3.1.7-1.amzn2023.0.2.src