ALAS2023-2023-370


Amazon Linux 2023 Security Advisory: ALAS-2023-370
Advisory Release Date: 2023-09-27 21:06 Pacific
Advisory Updated Date: 2023-10-03 20:50 Pacific
Severity: Medium

Issue Overview:

An integer overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a denial of service (DoS). (CVE-2023-36328)


Affected Packages:

libtommath


Issue Correction:
Run dnf update libtommath --releasever 2023.2.20231002 to update your system.

New Packages:
aarch64:
    libtommath-debuginfo-1.2.0-62.amzn2023.0.1.aarch64
    libtommath-1.2.0-62.amzn2023.0.1.aarch64
    libtommath-devel-1.2.0-62.amzn2023.0.1.aarch64
    libtommath-debugsource-1.2.0-62.amzn2023.0.1.aarch64

noarch:
    libtommath-doc-1.2.0-62.amzn2023.0.1.noarch

src:
    libtommath-1.2.0-62.amzn2023.0.1.src

x86_64:
    libtommath-debuginfo-1.2.0-62.amzn2023.0.1.x86_64
    libtommath-1.2.0-62.amzn2023.0.1.x86_64
    libtommath-devel-1.2.0-62.amzn2023.0.1.x86_64
    libtommath-debugsource-1.2.0-62.amzn2023.0.1.x86_64