Amazon Linux 1 Security Advisory: ALAS-2023-1676
Advisory Release Date: 2023-01-31 20:44 Pacific
Advisory Updated Date: 2023-02-04 18:16 Pacific
A flaw was found in protobuf. The vulnerability occurs due to incorrect parsing of a NULL character in the proto symbol and leads to a Null pointer dereference. This flaw allows an attacker to execute unauthorized code or commands, read memory, modify memory. (CVE-2021-22570)
Affected Packages:
protobuf
Issue Correction:
Run yum update protobuf to update your system.
i686:
protobuf-static-2.5.0-1.11.amzn1.i686
protobuf-lite-devel-2.5.0-1.11.amzn1.i686
protobuf-debuginfo-2.5.0-1.11.amzn1.i686
protobuf-devel-2.5.0-1.11.amzn1.i686
protobuf-compiler-2.5.0-1.11.amzn1.i686
protobuf-lite-static-2.5.0-1.11.amzn1.i686
protobuf-2.5.0-1.11.amzn1.i686
protobuf-lite-2.5.0-1.11.amzn1.i686
protobuf-python27-2.5.0-1.11.amzn1.i686
protobuf-vim-2.5.0-1.11.amzn1.i686
protobuf-python26-2.5.0-1.11.amzn1.i686
src:
protobuf-2.5.0-1.11.amzn1.src
x86_64:
protobuf-debuginfo-2.5.0-1.11.amzn1.x86_64
protobuf-lite-2.5.0-1.11.amzn1.x86_64
protobuf-devel-2.5.0-1.11.amzn1.x86_64
protobuf-compiler-2.5.0-1.11.amzn1.x86_64
protobuf-python26-2.5.0-1.11.amzn1.x86_64
protobuf-python27-2.5.0-1.11.amzn1.x86_64
protobuf-2.5.0-1.11.amzn1.x86_64
protobuf-vim-2.5.0-1.11.amzn1.x86_64
protobuf-static-2.5.0-1.11.amzn1.x86_64
protobuf-lite-devel-2.5.0-1.11.amzn1.x86_64
protobuf-lite-static-2.5.0-1.11.amzn1.x86_64