Amazon Linux 1 Security Advisory: ALAS-2023-1685
Advisory Release Date: 2023-02-15 00:23 Pacific
Advisory Updated Date: 2023-02-15 00:24 Pacific
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)
A flaw was found in the elliptic package of the crypto library in golang: the IsOnCurve function could return true for invalid field elements. An attacker can take advantage of this undefined behavior, affecting the availability and integrity of the resource. (CVE-2022-23806)
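For CVE-2022-23806, a caller-side check that does not depend on IsOnCurve rejecting invalid field elements, shown as an added example that is not part of this advisory or of the Go project's code. The helper names ValidPoint and inFieldRange are hypothetical, the inputs are constructed, and the check is defense in depth alongside the package update, not a replacement for it.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// inFieldRange reports whether v is a valid field element for curve,
// that is, a non-nil integer with 0 <= v < P.
func inFieldRange(curve elliptic.Curve, v *big.Int) bool {
	return v != nil && v.Sign() >= 0 && v.Cmp(curve.Params().P) < 0
}

// ValidPoint is a hypothetical helper (not a standard-library function).
// It rejects out-of-range coordinates itself and only then asks the curve
// whether the point satisfies the curve equation.
func ValidPoint(curve elliptic.Curve, x, y *big.Int) bool {
	if !inFieldRange(curve, x) || !inFieldRange(curve, y) {
		return false
	}
	return curve.IsOnCurve(x, y)
}

func main() {
	curve := elliptic.P384()
	p := curve.Params()

	// Constructed inputs: the generator point, then the same point with
	// x replaced by x+P (overflowing) and by -x (negative).
	cases := []struct {
		name string
		x, y *big.Int
	}{
		{"generator", p.Gx, p.Gy},
		{"x + P", new(big.Int).Add(p.Gx, p.P), p.Gy},
		{"-x", new(big.Int).Neg(p.Gx), p.Gy},
	}
	for _, c := range cases {
		fmt.Printf("%-10s accepted=%v\n", c.name, ValidPoint(curve, c.x, c.y))
	}
}
```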
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-bin-1.16.15-1.38.amzn1.i686
golang-shared-1.16.15-1.38.amzn1.i686
golang-1.16.15-1.38.amzn1.i686
noarch:
golang-tests-1.16.15-1.38.amzn1.noarch
golang-src-1.16.15-1.38.amzn1.noarch
golang-docs-1.16.15-1.38.amzn1.noarch
golang-misc-1.16.15-1.38.amzn1.noarch
src:
golang-1.16.15-1.38.amzn1.src
x86_64:
golang-bin-1.16.15-1.38.amzn1.x86_64
golang-race-1.16.15-1.38.amzn1.x86_64
golang-shared-1.16.15-1.38.amzn1.x86_64
golang-1.16.15-1.38.amzn1.x86_64