Amazon Linux 2023 Security Advisory: ALAS-2024-558
Advisory Release Date: 2024-02-29 18:49 Pacific
Advisory Updated Date: 2024-03-05 12:00 Pacific
Severity:
Low
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.
Affected Packages:
curl
Issue Correction:
Run dnf update curl --releasever 2023.3.20240304 to update your system.
New Packages:
aarch64:
curl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
libcurl-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
libcurl-8.5.0-1.amzn2023.0.2.aarch64
curl-debugsource-8.5.0-1.amzn2023.0.2.aarch64
libcurl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
curl-8.5.0-1.amzn2023.0.2.aarch64
libcurl-minimal-8.5.0-1.amzn2023.0.2.aarch64
curl-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
curl-minimal-8.5.0-1.amzn2023.0.2.aarch64
libcurl-devel-8.5.0-1.amzn2023.0.2.aarch64
src:
curl-8.5.0-1.amzn2023.0.2.src
x86_64:
libcurl-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
curl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64
curl-debugsource-8.5.0-1.amzn2023.0.2.x86_64
curl-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
libcurl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
curl-8.5.0-1.amzn2023.0.2.x86_64
curl-minimal-8.5.0-1.amzn2023.0.2.x86_64
libcurl-8.5.0-1.amzn2023.0.2.x86_64
libcurl-devel-8.5.0-1.amzn2023.0.2.x86_64