Amazon Linux 2023 Security Advisory: ALAS-2024-481
Advisory Release Date: 2024-01-03 23:20 Pacific
Advisory Updated Date: 2024-01-08 21:02 Pacific
Severity:
Medium
Issue Overview:
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. (CVE-2022-47069)
Affected Packages:
p7zip
Issue Correction:
Run dnf update p7zip --releasever 2023.3.20240108 to update your system.
New Packages:
aarch64:
p7zip-plugins-debuginfo-16.02-20.amzn2023.0.5.aarch64
p7zip-16.02-20.amzn2023.0.5.aarch64
p7zip-plugins-16.02-20.amzn2023.0.5.aarch64
p7zip-debugsource-16.02-20.amzn2023.0.5.aarch64
noarch:
p7zip-doc-16.02-20.amzn2023.0.5.noarch
src:
p7zip-16.02-20.amzn2023.0.5.src
x86_64:
p7zip-plugins-debuginfo-16.02-20.amzn2023.0.5.x86_64
p7zip-16.02-20.amzn2023.0.5.x86_64
p7zip-plugins-16.02-20.amzn2023.0.5.x86_64
p7zip-debugsource-16.02-20.amzn2023.0.5.x86_64