ALAS2023-2023-406


Amazon Linux 2023 Security Advisory: ALAS-2023-406
Advisory Release Date: 2023-10-30 23:44 Pacific
Advisory Updated Date: 2023-11-03 22:37 Pacific
Severity: Important

Issue Overview:

A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. (CVE-2023-5363)


Affected Packages:

openssl


Issue Correction:
Run dnf update openssl --releasever 2023.2.20231030 to update your system.
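
To confirm the update took effect, the script below is an added example (not part of the advisory or of Amazon's tooling) that compares installed openssl packages against the fixed build 3.0.8-1.amzn2023.0.9 from the New Packages list. The function names, the sample inventory, and the use of GNU sort -V in place of RPM's own version comparison are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory): flag openssl packages older than the fixed build.
FIXED_EVR="3.0.8-1.amzn2023.0.9"   # version-release from the New Packages list

# evr_ge A B: succeed when version-release A is equal to or newer than B.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison, which
# is adequate for same-epoch builds that differ only in numeric fields.
evr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_openssl: read "name version-release" lines on stdin, report each
# package the advisory lists, and exit non-zero if any is below FIXED_EVR.
audit_openssl() (
    rc=0
    while read -r name evr; do
        case "$name" in
            openssl|openssl-libs|openssl-snapsafe-libs|openssl-devel|openssl-perl) ;;
            *) continue ;;   # not a package named in this advisory
        esac
        if evr_ge "$evr" "$FIXED_EVR"; then
            echo "OK          $name-$evr"
        else
            echo "VULNERABLE  $name-$evr (needs >= $FIXED_EVR)"
            rc=1
        fi
    done
    exit "$rc"
)

# audit_host: feed the installed package set from the RPM database.
audit_host() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'openssl*' | audit_openssl
}

# Constructed sample inventory (not real host output): one fixed build,
# one older build, and one unrelated package that must be ignored.
sample_inventory() {
    cat <<'EOF'
openssl 3.0.8-1.amzn2023.0.9
openssl-libs 3.0.8-1.amzn2023.0.7
bash 5.2.15-1.amzn2023.0.2
EOF
}

sample_inventory | audit_openssl || echo "=> at least one package predates the fix"
```

On a real host, call audit_host instead of the sample pipeline. Processes started before the update keep the old library mapped until they are restarted.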

New Packages:
aarch64:
    openssl-snapsafe-libs-debuginfo-3.0.8-1.amzn2023.0.9.aarch64
    openssl-libs-debuginfo-3.0.8-1.amzn2023.0.9.aarch64
    openssl-debuginfo-3.0.8-1.amzn2023.0.9.aarch64
    openssl-perl-3.0.8-1.amzn2023.0.9.aarch64
    openssl-snapsafe-libs-3.0.8-1.amzn2023.0.9.aarch64
    openssl-libs-3.0.8-1.amzn2023.0.9.aarch64
    openssl-3.0.8-1.amzn2023.0.9.aarch64
    openssl-debugsource-3.0.8-1.amzn2023.0.9.aarch64
    openssl-devel-3.0.8-1.amzn2023.0.9.aarch64

src:
    openssl-3.0.8-1.amzn2023.0.9.src

x86_64:
    openssl-snapsafe-libs-debuginfo-3.0.8-1.amzn2023.0.9.x86_64
    openssl-debuginfo-3.0.8-1.amzn2023.0.9.x86_64
    openssl-perl-3.0.8-1.amzn2023.0.9.x86_64
    openssl-libs-3.0.8-1.amzn2023.0.9.x86_64
    openssl-snapsafe-libs-3.0.8-1.amzn2023.0.9.x86_64
    openssl-libs-debuginfo-3.0.8-1.amzn2023.0.9.x86_64
    openssl-3.0.8-1.amzn2023.0.9.x86_64
    openssl-debugsource-3.0.8-1.amzn2023.0.9.x86_64
    openssl-devel-3.0.8-1.amzn2023.0.9.x86_64