Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2024-2395

Related Vulnerabilities: CVE-2023-30630  

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630)

Source

ALAS-2024-2395

Amazon Linux 2 Security Advisory: ALAS-2024-2395
Advisory Release Date: 2024-01-03 21:04 Pacific
Advisory Updated Date: 2024-01-09 17:52 Pacific
Severity: Medium
Issue Overview:

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. (CVE-2023-30630)


Affected Packages:

dmidecode


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
"Run yum update dmidecode to update your system.
"

New Packages:
aarch64:
    dmidecode-3.2-5.amzn2.1.1.aarch64
    dmidecode-debuginfo-3.2-5.amzn2.1.1.aarch64

i686:
    dmidecode-3.2-5.amzn2.1.1.i686
    dmidecode-debuginfo-3.2-5.amzn2.1.1.i686

src:
    dmidecode-3.2-5.amzn2.1.1.src

x86_64:
    dmidecode-3.2-5.amzn2.1.1.x86_64
    dmidecode-debuginfo-3.2-5.amzn2.1.1.x86_64

Additional References

Red Hat: CVE-2023-30630

Mitre: CVE-2023-30630

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started