Amazon Linux 1 Security Advisory: ALAS-2021-1496
Advisory Release Date: 2021-05-06 19:11 Pacific
Advisory Updated Date: 2021-05-07 19:54 Pacific
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. (CVE-2021-28831)
Affected Packages:
busybox
Issue Correction:
Run yum update busybox to update your system.
i686:
busybox-1.19.3-2.12.amzn1.i686
busybox-petitboot-1.19.3-2.12.amzn1.i686
src:
busybox-1.19.3-2.12.amzn1.src
x86_64:
busybox-1.19.3-2.12.amzn1.x86_64
busybox-petitboot-1.19.3-2.12.amzn1.x86_64