Amazon Linux 1 Security Advisory: ALAS-2023-1684
Advisory Release Date: 2023-02-13 20:36 Pacific
Advisory Updated Date: 2023-05-23 19:21 Pacific
2023-05-23: The severity level was changed from Critical to Medium.
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-25147)
Affected Packages:
apr-util
Issue Correction:
Run yum update apr-util to update your system.
i686:
apr-util-devel-1.5.4-6.19.amzn1.i686
apr-util-1.5.4-6.19.amzn1.i686
apr-util-openssl-1.5.4-6.19.amzn1.i686
apr-util-sqlite-1.5.4-6.19.amzn1.i686
apr-util-freetds-1.5.4-6.19.amzn1.i686
apr-util-ldap-1.5.4-6.19.amzn1.i686
apr-util-mysql-1.5.4-6.19.amzn1.i686
apr-util-pgsql-1.5.4-6.19.amzn1.i686
apr-util-debuginfo-1.5.4-6.19.amzn1.i686
apr-util-nss-1.5.4-6.19.amzn1.i686
apr-util-odbc-1.5.4-6.19.amzn1.i686
src:
apr-util-1.5.4-6.19.amzn1.src
x86_64:
apr-util-mysql-1.5.4-6.19.amzn1.x86_64
apr-util-pgsql-1.5.4-6.19.amzn1.x86_64
apr-util-devel-1.5.4-6.19.amzn1.x86_64
apr-util-odbc-1.5.4-6.19.amzn1.x86_64
apr-util-1.5.4-6.19.amzn1.x86_64
apr-util-ldap-1.5.4-6.19.amzn1.x86_64
apr-util-openssl-1.5.4-6.19.amzn1.x86_64
apr-util-sqlite-1.5.4-6.19.amzn1.x86_64
apr-util-nss-1.5.4-6.19.amzn1.x86_64
apr-util-freetds-1.5.4-6.19.amzn1.x86_64
apr-util-debuginfo-1.5.4-6.19.amzn1.x86_64