Amazon Linux 1 Security Advisory: ALAS-2023-1780
Advisory Release Date: 2023-07-05 21:44 Pacific
Advisory Updated Date: 2023-07-19 21:50 Pacific
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. (CVE-2022-4904)
Affected Packages:
c-ares
Issue Correction:
Run yum update c-ares to update your system.
i686:
c-ares-debuginfo-1.17.2-1.10.amzn1.i686
c-ares-1.17.2-1.10.amzn1.i686
c-ares-devel-1.17.2-1.10.amzn1.i686
src:
c-ares-1.17.2-1.10.amzn1.src
x86_64:
c-ares-1.17.2-1.10.amzn1.x86_64
c-ares-debuginfo-1.17.2-1.10.amzn1.x86_64
c-ares-devel-1.17.2-1.10.amzn1.x86_64