Amazon Linux 2023 Security Advisory: ALAS-2023-410
Advisory Release Date: 2023-10-30 23:44 Pacific
Advisory Updated Date: 2023-11-03 22:38 Pacific
Severity:
Medium
Issue Overview:
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. (CVE-2023-45853)
Affected Packages:
zlib
Issue Correction:
Run dnf update zlib --releasever 2023.2.20231030 to update your system.
New Packages:
aarch64:
zlib-debugsource-1.2.11-33.amzn2023.0.5.aarch64
minizip-compat-debuginfo-1.2.11-33.amzn2023.0.5.aarch64
minizip-compat-1.2.11-33.amzn2023.0.5.aarch64
zlib-devel-1.2.11-33.amzn2023.0.5.aarch64
zlib-debuginfo-1.2.11-33.amzn2023.0.5.aarch64
zlib-static-1.2.11-33.amzn2023.0.5.aarch64
minizip-compat-devel-1.2.11-33.amzn2023.0.5.aarch64
zlib-1.2.11-33.amzn2023.0.5.aarch64
src:
zlib-1.2.11-33.amzn2023.0.5.src
x86_64:
zlib-debugsource-1.2.11-33.amzn2023.0.5.x86_64
zlib-debuginfo-1.2.11-33.amzn2023.0.5.x86_64
minizip-compat-debuginfo-1.2.11-33.amzn2023.0.5.x86_64
minizip-compat-devel-1.2.11-33.amzn2023.0.5.x86_64
zlib-static-1.2.11-33.amzn2023.0.5.x86_64
minizip-compat-1.2.11-33.amzn2023.0.5.x86_64
zlib-devel-1.2.11-33.amzn2023.0.5.x86_64
zlib-1.2.11-33.amzn2023.0.5.x86_64