ALAS-2023-1684


Amazon Linux 1 Security Advisory: ALAS-2023-1684
Advisory Release Date: 2023-02-13 20:36 Pacific
Advisory Updated Date: 2023-05-23 19:21 Pacific
Severity: Medium

Issue Overview:

2023-05-23: The severity level was changed from Critical to Medium.

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-25147)


Affected Packages:

apr-util


Issue Correction:
Run yum update apr-util to update your system.

New Packages:
i686:
    apr-util-devel-1.5.4-6.19.amzn1.i686
    apr-util-1.5.4-6.19.amzn1.i686
    apr-util-openssl-1.5.4-6.19.amzn1.i686
    apr-util-sqlite-1.5.4-6.19.amzn1.i686
    apr-util-freetds-1.5.4-6.19.amzn1.i686
    apr-util-ldap-1.5.4-6.19.amzn1.i686
    apr-util-mysql-1.5.4-6.19.amzn1.i686
    apr-util-pgsql-1.5.4-6.19.amzn1.i686
    apr-util-debuginfo-1.5.4-6.19.amzn1.i686
    apr-util-nss-1.5.4-6.19.amzn1.i686
    apr-util-odbc-1.5.4-6.19.amzn1.i686

src:
    apr-util-1.5.4-6.19.amzn1.src

x86_64:
    apr-util-mysql-1.5.4-6.19.amzn1.x86_64
    apr-util-pgsql-1.5.4-6.19.amzn1.x86_64
    apr-util-devel-1.5.4-6.19.amzn1.x86_64
    apr-util-odbc-1.5.4-6.19.amzn1.x86_64
    apr-util-1.5.4-6.19.amzn1.x86_64
    apr-util-ldap-1.5.4-6.19.amzn1.x86_64
    apr-util-openssl-1.5.4-6.19.amzn1.x86_64
    apr-util-sqlite-1.5.4-6.19.amzn1.x86_64
    apr-util-nss-1.5.4-6.19.amzn1.x86_64
    apr-util-freetds-1.5.4-6.19.amzn1.x86_64
    apr-util-debuginfo-1.5.4-6.19.amzn1.x86_64