Amazon Linux 2023 Security Advisory: ALAS-2024-638
Advisory Release Date: 2024-06-06 20:47 Pacific
Advisory Updated Date: 2024-06-10 17:10 Pacific
Severity:
Important
Issue Overview:
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted with. (CVE-2024-27322)
Affected Packages:
R
Issue Correction:
Run dnf update R --releasever 2023.4.20240611 to update your system.
New Packages:
aarch64:
libRmath-debuginfo-4.3.2-1.amzn2023.0.3.aarch64
R-4.3.2-1.amzn2023.0.3.aarch64
R-java-devel-4.3.2-1.amzn2023.0.3.aarch64
libRmath-static-4.3.2-1.amzn2023.0.3.aarch64
R-debuginfo-4.3.2-1.amzn2023.0.3.aarch64
R-devel-4.3.2-1.amzn2023.0.3.aarch64
R-java-4.3.2-1.amzn2023.0.3.aarch64
libRmath-devel-4.3.2-1.amzn2023.0.3.aarch64
libRmath-4.3.2-1.amzn2023.0.3.aarch64
R-debugsource-4.3.2-1.amzn2023.0.3.aarch64
R-core-debuginfo-4.3.2-1.amzn2023.0.3.aarch64
R-core-devel-4.3.2-1.amzn2023.0.3.aarch64
R-core-4.3.2-1.amzn2023.0.3.aarch64
src:
R-4.3.2-1.amzn2023.0.3.src
x86_64:
R-4.3.2-1.amzn2023.0.3.x86_64
libRmath-debuginfo-4.3.2-1.amzn2023.0.3.x86_64
libRmath-static-4.3.2-1.amzn2023.0.3.x86_64
libRmath-4.3.2-1.amzn2023.0.3.x86_64
R-devel-4.3.2-1.amzn2023.0.3.x86_64
libRmath-devel-4.3.2-1.amzn2023.0.3.x86_64
R-debuginfo-4.3.2-1.amzn2023.0.3.x86_64
R-java-4.3.2-1.amzn2023.0.3.x86_64
R-core-debuginfo-4.3.2-1.amzn2023.0.3.x86_64
R-core-devel-4.3.2-1.amzn2023.0.3.x86_64
R-java-devel-4.3.2-1.amzn2023.0.3.x86_64
R-debugsource-4.3.2-1.amzn2023.0.3.x86_64
R-core-4.3.2-1.amzn2023.0.3.x86_64