Amazon Linux 1 Security Advisory: ALAS-2024-1940
Advisory Release Date: 2024-06-19 18:46 Pacific
Advisory Updated Date: 2024-06-24 14:01 Pacific
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system when interacted with. (CVE-2024-27322)
Affected Packages:
R
Issue Correction:
Run yum update R to update your system.
i686:
libRmath-static-3.4.1-1.53.amzn1.i686
R-core-devel-3.4.1-1.53.amzn1.i686
R-devel-3.4.1-1.53.amzn1.i686
R-java-3.4.1-1.53.amzn1.i686
R-3.4.1-1.53.amzn1.i686
R-java-devel-3.4.1-1.53.amzn1.i686
R-core-3.4.1-1.53.amzn1.i686
libRmath-3.4.1-1.53.amzn1.i686
libRmath-devel-3.4.1-1.53.amzn1.i686
R-debuginfo-3.4.1-1.53.amzn1.i686
src:
R-3.4.1-1.53.amzn1.src
x86_64:
libRmath-static-3.4.1-1.53.amzn1.x86_64
libRmath-devel-3.4.1-1.53.amzn1.x86_64
R-3.4.1-1.53.amzn1.x86_64
R-devel-3.4.1-1.53.amzn1.x86_64
R-java-devel-3.4.1-1.53.amzn1.x86_64
R-java-3.4.1-1.53.amzn1.x86_64
R-core-3.4.1-1.53.amzn1.x86_64
R-core-devel-3.4.1-1.53.amzn1.x86_64
libRmath-3.4.1-1.53.amzn1.x86_64
R-debuginfo-3.4.1-1.53.amzn1.x86_64