ALAS-2021-1496


Amazon Linux AMI Security Advisory: ALAS-2021-1496
Advisory Release Date: 2021-05-06 19:11 Pacific
Advisory Updated Date: 2021-05-07 19:54 Pacific
Severity: Medium
References: CVE-2021-28831

Issue Overview:

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. (CVE-2021-28831)


Affected Packages:

busybox


Issue Correction:
Run yum update busybox to update your system.

New Packages:
i686:
    busybox-1.19.3-2.12.amzn1.i686
    busybox-petitboot-1.19.3-2.12.amzn1.i686

src:
    busybox-1.19.3-2.12.amzn1.src

x86_64:
    busybox-1.19.3-2.12.amzn1.x86_64
    busybox-petitboot-1.19.3-2.12.amzn1.x86_64