Amazon Linux 1 Security Advisory: ALAS-2017-819
Advisory Release Date: 2017-04-20 06:04 Pacific
Advisory Updated Date: 2017-04-20 22:02 Pacific
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. (CVE-2017-8714)
Affected Packages:
R
Issue Correction:
Run yum update R to update your system.
i686:
R-core-3.3.3-1.51.amzn1.i686
R-java-devel-3.3.3-1.51.amzn1.i686
R-core-devel-3.3.3-1.51.amzn1.i686
R-devel-3.3.3-1.51.amzn1.i686
R-debuginfo-3.3.3-1.51.amzn1.i686
R-java-3.3.3-1.51.amzn1.i686
libRmath-devel-3.3.3-1.51.amzn1.i686
libRmath-static-3.3.3-1.51.amzn1.i686
libRmath-3.3.3-1.51.amzn1.i686
R-3.3.3-1.51.amzn1.i686
src:
R-3.3.3-1.51.amzn1.src
x86_64:
R-core-devel-3.3.3-1.51.amzn1.x86_64
R-devel-3.3.3-1.51.amzn1.x86_64
R-3.3.3-1.51.amzn1.x86_64
R-debuginfo-3.3.3-1.51.amzn1.x86_64
R-java-devel-3.3.3-1.51.amzn1.x86_64
libRmath-3.3.3-1.51.amzn1.x86_64
R-java-3.3.3-1.51.amzn1.x86_64
libRmath-devel-3.3.3-1.51.amzn1.x86_64
R-core-3.3.3-1.51.amzn1.x86_64
libRmath-static-3.3.3-1.51.amzn1.x86_64