ALAS2-2023-2022

Related Vulnerabilities: CVE-2023-27539  

Amazon Linux 2 Security Advisory: ALAS-2023-2022
Advisory Release Date: 2023-04-27 18:36 Pacific
Advisory Updated Date: 2023-05-02 19:18 Pacific
Severity: Medium

Issue Overview:

The Ruby on Rails advisory describes this vulnerability as follows:

Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. (CVE-2023-27539)


Affected Packages:

pcs


Issue Correction:
Run yum update pcs to update your system.

New Packages:
aarch64:
    pcs-0.9.169-3.amzn2.3.0.2.aarch64
    pcs-snmp-0.9.169-3.amzn2.3.0.2.aarch64
    pcs-debuginfo-0.9.169-3.amzn2.3.0.2.aarch64

i686:
    pcs-0.9.169-3.amzn2.3.0.2.i686
    pcs-snmp-0.9.169-3.amzn2.3.0.2.i686
    pcs-debuginfo-0.9.169-3.amzn2.3.0.2.i686

src:
    pcs-0.9.169-3.amzn2.3.0.2.src

x86_64:
    pcs-0.9.169-3.amzn2.3.0.2.x86_64
    pcs-snmp-0.9.169-3.amzn2.3.0.2.x86_64
    pcs-debuginfo-0.9.169-3.amzn2.3.0.2.x86_64
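
To confirm that a host picked up the update, the installed pcs builds can be compared against the fixed version-release from the list above. The script below is an added example, not part of the Amazon advisory; the function names and sample inventory lines are constructed, and it assumes GNU `sort -V` is an adequate stand-in for rpm's own version ordering (no epoch, version strings shaped like the ones listed here).

```shell
#!/bin/sh
# Fixed version-release, copied from the advisory's "New Packages" list.
FIXED_VR="0.9.169-3.amzn2.3.0.2"

# vr_at_least INSTALLED FIXED
# Succeeds when INSTALLED sorts at or after FIXED. GNU `sort -V` approximates
# rpm's version comparison (assumption: no epoch is involved).
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_pcs: reads "NAME VERSION-RELEASE" lines on stdin, prints one verdict
# per pcs package, and returns 1 if any of them predates the fixed build.
# On a real host, feed it with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' pcs pcs-snmp | check_pcs
check_pcs() {
    rc=0
    while read -r name vr; do
        case "$name" in
            pcs|pcs-snmp|pcs-debuginfo) ;;
            *) continue ;;   # ignore unrelated packages and rpm error lines
        esac
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "$name $vr OK"
        else
            echo "$name $vr NEEDS-UPDATE"
            rc=1
        fi
    done
    return $rc
}

# Constructed inventory lines (not taken from a real system).
SAMPLE='pcs 0.9.169-3.amzn2.3.0.1
pcs-snmp 0.9.169-3.amzn2.3.0.2
bash 4.2.46-34.amzn2'

printf '%s\n' "$SAMPLE" | check_pcs \
    || echo "at least one pcs package is below $FIXED_VR; run: yum update pcs"
```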