ALAS-2022-1650


Amazon Linux 1 Security Advisory: ALAS-2022-1650
Advisory Release Date: 2022-12-01 17:34 Pacific
Advisory Updated Date: 2022-12-10 00:39 Pacific
Severity: Medium

Issue Overview:

A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader. (CVE-2022-37434)


Affected Packages:

zlib


Issue Correction:
Run yum update zlib to update your system.

New Packages:
i686:
    zlib-1.2.8-7.20.amzn1.i686
    minizip-1.2.8-7.20.amzn1.i686
    zlib-static-1.2.8-7.20.amzn1.i686
    minizip-devel-1.2.8-7.20.amzn1.i686
    zlib-devel-1.2.8-7.20.amzn1.i686
    zlib-debuginfo-1.2.8-7.20.amzn1.i686

src:
    zlib-1.2.8-7.20.amzn1.src

x86_64:
    minizip-1.2.8-7.20.amzn1.x86_64
    minizip-devel-1.2.8-7.20.amzn1.x86_64
    zlib-debuginfo-1.2.8-7.20.amzn1.x86_64
    zlib-static-1.2.8-7.20.amzn1.x86_64
    zlib-1.2.8-7.20.amzn1.x86_64
    zlib-devel-1.2.8-7.20.amzn1.x86_64