Amazon Linux 2 Security Advisory: ALAS-2020-1417
Advisory Release Date: 2020-05-05 01:12 Pacific
Advisory Updated Date: 2020-05-06 22:56 Pacific
Severity:
Important
References:
CVE-2019-15605
Issue Overview:
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605)
Affected Packages:
http-parser
Issue Correction:
Run yum update http-parser to update your system.
New Packages:
aarch64:
http-parser-2.7.1-8.amzn2.2.aarch64
http-parser-devel-2.7.1-8.amzn2.2.aarch64
http-parser-debuginfo-2.7.1-8.amzn2.2.aarch64
i686:
http-parser-2.7.1-8.amzn2.2.i686
http-parser-devel-2.7.1-8.amzn2.2.i686
http-parser-debuginfo-2.7.1-8.amzn2.2.i686
src:
http-parser-2.7.1-8.amzn2.2.src
x86_64:
http-parser-2.7.1-8.amzn2.2.x86_64
http-parser-devel-2.7.1-8.amzn2.2.x86_64
http-parser-debuginfo-2.7.1-8.amzn2.2.x86_64