ALAS-2024-697


Amazon Linux 2023 Security Advisory: ALAS-2024-697
Advisory Release Date: 2024-08-01 04:06 Pacific
Advisory Updated Date: 2024-08-28 20:03 Pacific
Severity: Medium

Issue Overview:

2024-08-28: CVE-2024-24790 was added to this advisory.

2024-08-09: CVE-2023-47108 was removed from this advisory.

2024-08-09: The severity of this advisory has been changed from Important to Medium.

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. (CVE-2024-24786)

The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. (CVE-2024-24790)
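The following is an added example (not part of the advisory and not containerd or Go project code) showing the failure mode behind CVE-2024-24790 and one defensive way to neutralise it independently of the Go version in use: normalise an IPv4-mapped IPv6 address to its 4-byte form with net.IP.To4 before calling the Is methods. The function names isInternalAddr and IsInternalHost and the sample addresses are constructed for this illustration.

```go
package main

import (
	"fmt"
	"net"
)

// isInternalAddr reports whether ip belongs to a range an application would
// normally refuse to reach out to (private, loopback, link-local, unspecified).
// net.IP.To4 returns the 4-byte form for both a plain IPv4 address and an
// IPv4-mapped IPv6 address (::ffff:a.b.c.d), so the classification below is
// made on the IPv4 form and does not depend on whether the running Go version
// already contains the fix for CVE-2024-24790.
func isInternalAddr(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	return ip.IsPrivate() ||
		ip.IsLoopback() ||
		ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified()
}

// IsInternalHost parses a textual address and classifies it with
// isInternalAddr. A string that does not parse as an IP address is treated as
// internal (fail closed), which is the safe default for an egress check.
func IsInternalHost(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil {
		return true
	}
	return isInternalAddr(ip)
}

// UnmappedIsPrivate shows the raw behaviour the CVE describes: it calls
// IsPrivate directly on the parsed address without normalising. On an affected
// Go version this returns false for "::ffff:10.0.0.1"; on a fixed version it
// returns true. Comparing it with IsInternalHost makes the difference visible.
func UnmappedIsPrivate(s string) bool {
	ip := net.ParseIP(s)
	if ip == nil {
		return false
	}
	return ip.IsPrivate()
}

func main() {
	// Constructed sample inputs: the same hosts in IPv4 and IPv4-mapped form.
	samples := []string{
		"10.0.0.1", "::ffff:10.0.0.1",
		"127.0.0.1", "::ffff:127.0.0.1",
		"169.254.169.254", "::ffff:169.254.169.254",
		"8.8.8.8", "::ffff:8.8.8.8",
	}
	for _, s := range samples {
		fmt.Printf("%-24s raw IsPrivate=%-5v normalised internal=%v\n",
			s, UnmappedIsPrivate(s), IsInternalHost(s))
	}
}
```

The normalised check returns the same answer for an address and its IPv4-mapped twin, so an allowlist or egress filter built on it cannot be bypassed by simply re-spelling an address; the raw call is kept only to show what differs between affected and fixed Go releases.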


Affected Packages:

containerd


Issue Correction:
Run dnf update containerd --releasever 2023.5.20240805 to update your system.

New Packages:
aarch64:
    containerd-stress-debuginfo-1.7.20-1.amzn2023.0.1.aarch64
    containerd-debuginfo-1.7.20-1.amzn2023.0.1.aarch64
    containerd-stress-1.7.20-1.amzn2023.0.1.aarch64
    containerd-1.7.20-1.amzn2023.0.1.aarch64
    containerd-debugsource-1.7.20-1.amzn2023.0.1.aarch64

src:
    containerd-1.7.20-1.amzn2023.0.1.src

x86_64:
    containerd-debuginfo-1.7.20-1.amzn2023.0.1.x86_64
    containerd-stress-1.7.20-1.amzn2023.0.1.x86_64
    containerd-stress-debuginfo-1.7.20-1.amzn2023.0.1.x86_64
    containerd-1.7.20-1.amzn2023.0.1.x86_64
    containerd-debugsource-1.7.20-1.amzn2023.0.1.x86_64