ALAS-2017-876


Amazon Linux AMI Security Advisory: ALAS-2017-876
Advisory Release Date: 2017-08-31 22:53 Pacific
Severity: Medium
References: CVE-2017-0553 

Issue Overview:

Integer overflow in nlmsg_reserve():
An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553 )


Affected Packages:

libnl3


Issue Correction:
Run yum update libnl3 to update your system.

New Packages:
i686:
    libnl3-doc-3.2.28-4.6.amzn1.i686
    libnl3-cli-3.2.28-4.6.amzn1.i686
    libnl3-debuginfo-3.2.28-4.6.amzn1.i686
    libnl3-devel-3.2.28-4.6.amzn1.i686
    libnl3-3.2.28-4.6.amzn1.i686

src:
    libnl3-3.2.28-4.6.amzn1.src

x86_64:
    libnl3-debuginfo-3.2.28-4.6.amzn1.x86_64
    libnl3-3.2.28-4.6.amzn1.x86_64
    libnl3-cli-3.2.28-4.6.amzn1.x86_64
    libnl3-doc-3.2.28-4.6.amzn1.x86_64
    libnl3-devel-3.2.28-4.6.amzn1.x86_64