ALAS-2023-1685

Related Vulnerabilities: CVE-2022-23772, CVE-2022-23773, CVE-2022-23806

Amazon Linux AMI Security Advisory: ALAS-2023-1685
Advisory Release Date: 2023-02-15 00:23 Pacific
Advisory Updated Date: 2023-02-15 00:24 Pacific
Severity: Medium

Issue Overview:

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource. (CVE-2022-23806)
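As an added illustration (not part of this advisory or of the Go project's code), the following Go helper shows the defensive check that CVE-2022-23806 makes relevant: it rejects coordinates that are not reduced into the field before relying on IsOnCurve at all. It assumes P-256; the function name ValidatePoint is hypothetical.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// ValidatePoint returns true only when (x, y) is a canonical affine point on
// curve: both coordinates are non-nil, reduced modulo the field prime P
// (0 <= x, y < P), and the curve equation holds. Before the fixed releases
// (CVE-2022-23806), IsOnCurve alone could accept unreduced coordinates such
// as x+P, so the range check is performed explicitly here and never skipped.
func ValidatePoint(curve elliptic.Curve, x, y *big.Int) bool {
	if x == nil || y == nil {
		return false
	}
	p := curve.Params().P
	if x.Sign() < 0 || y.Sign() < 0 || x.Cmp(p) >= 0 || y.Cmp(p) >= 0 {
		return false
	}
	return curve.IsOnCurve(x, y)
}

func main() {
	curve := elliptic.P256()
	params := curve.Params()
	// The generator is a valid, canonical point.
	fmt.Println("generator:", ValidatePoint(curve, params.Gx, params.Gy))
	// Same residue as Gx but not reduced: must be rejected.
	shifted := new(big.Int).Add(params.Gx, params.P)
	fmt.Println("x+P:", ValidatePoint(curve, shifted, params.Gy))
	// Constructed off-curve point (y bumped by one).
	offY := new(big.Int).Add(params.Gy, big.NewInt(1))
	fmt.Println("off-curve:", ValidatePoint(curve, params.Gx, offY))
}
```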


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-bin-1.16.15-1.38.amzn1.i686
    golang-shared-1.16.15-1.38.amzn1.i686
    golang-1.16.15-1.38.amzn1.i686

noarch:
    golang-tests-1.16.15-1.38.amzn1.noarch
    golang-src-1.16.15-1.38.amzn1.noarch
    golang-docs-1.16.15-1.38.amzn1.noarch
    golang-misc-1.16.15-1.38.amzn1.noarch

src:
    golang-1.16.15-1.38.amzn1.src

x86_64:
    golang-bin-1.16.15-1.38.amzn1.x86_64
    golang-race-1.16.15-1.38.amzn1.x86_64
    golang-shared-1.16.15-1.38.amzn1.x86_64
    golang-1.16.15-1.38.amzn1.x86_64