Amazon Linux 2 Security Advisory: ALAS-2023-1937
Advisory Release Date: 2023-02-13 16:57 Pacific
Advisory Updated Date: 2023-02-14 22:18 Pacific
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-25147)
Affected Packages:
apr-util
Issue Correction:
pkg_manager = 'yum'Run update apr-util to update your system.
aarch64:
apr-util-1.6.3-1.amzn2.0.1.aarch64
apr-util-devel-1.6.3-1.amzn2.0.1.aarch64
apr-util-pgsql-1.6.3-1.amzn2.0.1.aarch64
apr-util-bdb-1.6.3-1.amzn2.0.1.aarch64
apr-util-mysql-1.6.3-1.amzn2.0.1.aarch64
apr-util-sqlite-1.6.3-1.amzn2.0.1.aarch64
apr-util-odbc-1.6.3-1.amzn2.0.1.aarch64
apr-util-ldap-1.6.3-1.amzn2.0.1.aarch64
apr-util-openssl-1.6.3-1.amzn2.0.1.aarch64
apr-util-nss-1.6.3-1.amzn2.0.1.aarch64
apr-util-debuginfo-1.6.3-1.amzn2.0.1.aarch64
i686:
apr-util-1.6.3-1.amzn2.0.1.i686
apr-util-devel-1.6.3-1.amzn2.0.1.i686
apr-util-pgsql-1.6.3-1.amzn2.0.1.i686
apr-util-bdb-1.6.3-1.amzn2.0.1.i686
apr-util-mysql-1.6.3-1.amzn2.0.1.i686
apr-util-sqlite-1.6.3-1.amzn2.0.1.i686
apr-util-odbc-1.6.3-1.amzn2.0.1.i686
apr-util-ldap-1.6.3-1.amzn2.0.1.i686
apr-util-openssl-1.6.3-1.amzn2.0.1.i686
apr-util-nss-1.6.3-1.amzn2.0.1.i686
apr-util-debuginfo-1.6.3-1.amzn2.0.1.i686
src:
apr-util-1.6.3-1.amzn2.0.1.src
x86_64:
apr-util-1.6.3-1.amzn2.0.1.x86_64
apr-util-devel-1.6.3-1.amzn2.0.1.x86_64
apr-util-pgsql-1.6.3-1.amzn2.0.1.x86_64
apr-util-bdb-1.6.3-1.amzn2.0.1.x86_64
apr-util-mysql-1.6.3-1.amzn2.0.1.x86_64
apr-util-sqlite-1.6.3-1.amzn2.0.1.x86_64
apr-util-odbc-1.6.3-1.amzn2.0.1.x86_64
apr-util-ldap-1.6.3-1.amzn2.0.1.x86_64
apr-util-openssl-1.6.3-1.amzn2.0.1.x86_64
apr-util-nss-1.6.3-1.amzn2.0.1.x86_64
apr-util-debuginfo-1.6.3-1.amzn2.0.1.x86_64