ALAS-2023-1786


Amazon Linux 1 Security Advisory: ALAS-2023-1786
Advisory Release Date: 2023-07-13 23:57 Pacific
Advisory Updated Date: 2023-07-19 21:51 Pacific
Severity: Medium

Issue Overview:

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. (CVE-2022-30065)


Affected Packages:

busybox


Issue Correction:
Run yum update busybox to update your system.

New Packages:
i686:
    busybox-debuginfo-1.34.1-1.15.amzn1.i686
    busybox-1.34.1-1.15.amzn1.i686
    busybox-petitboot-1.34.1-1.15.amzn1.i686

src:
    busybox-1.34.1-1.15.amzn1.src

x86_64:
    busybox-petitboot-1.34.1-1.15.amzn1.x86_64
    busybox-1.34.1-1.15.amzn1.x86_64
    busybox-debuginfo-1.34.1-1.15.amzn1.x86_64