ALAS-2024-478

Amazon Linux 2023 Security Advisory: ALAS-2024-478
Advisory Release Date: 2024-01-03 23:20 Pacific
Advisory Updated Date: 2024-01-08 21:02 Pacific
Severity: Medium
Issue Overview:

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. (CVE-2023-34623)


Affected Packages:

jtidy


Issue Correction:
Run dnf update jtidy --releasever 2023.3.20240108 to update your system.

New Packages:
noarch:
    jtidy-1.0-0.38.20100930svn1125.amzn2023.0.2.noarch
    jtidy-javadoc-1.0-0.38.20100930svn1125.amzn2023.0.2.noarch

src:
    jtidy-1.0-0.38.20100930svn1125.amzn2023.0.2.src

Additional References

Red Hat: CVE-2023-34623

Mitre: CVE-2023-34623