ALAS-2017-819


Amazon Linux AMI Security Advisory: ALAS-2017-819
Advisory Release Date: 2017-04-20 22:02 Pacific
Severity: Medium
References: CVE-2017-8714

Issue Overview:

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in memory corruption. An attacker can send a malicious R script to trigger this vulnerability. (CVE-2017-8714)


Affected Packages:

R


Issue Correction:
Run yum update R to update your system.

New Packages:
i686:
    R-core-3.3.3-1.51.amzn1.i686
    R-java-devel-3.3.3-1.51.amzn1.i686
    R-core-devel-3.3.3-1.51.amzn1.i686
    R-devel-3.3.3-1.51.amzn1.i686
    R-debuginfo-3.3.3-1.51.amzn1.i686
    R-java-3.3.3-1.51.amzn1.i686
    libRmath-devel-3.3.3-1.51.amzn1.i686
    libRmath-static-3.3.3-1.51.amzn1.i686
    libRmath-3.3.3-1.51.amzn1.i686
    R-3.3.3-1.51.amzn1.i686

src:
    R-3.3.3-1.51.amzn1.src

x86_64:
    R-core-devel-3.3.3-1.51.amzn1.x86_64
    R-devel-3.3.3-1.51.amzn1.x86_64
    R-3.3.3-1.51.amzn1.x86_64
    R-debuginfo-3.3.3-1.51.amzn1.x86_64
    R-java-devel-3.3.3-1.51.amzn1.x86_64
    libRmath-3.3.3-1.51.amzn1.x86_64
    R-java-3.3.3-1.51.amzn1.x86_64
    libRmath-devel-3.3.3-1.51.amzn1.x86_64
    R-core-3.3.3-1.51.amzn1.x86_64
    libRmath-static-3.3.3-1.51.amzn1.x86_64