Amazon Linux 1 Security Advisory: ALAS-2023-1888
Advisory Release Date: 2023-11-10 17:32 Pacific
Advisory Updated Date: 2023-11-15 23:27 Pacific
Severity:
Important
Issue Overview:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-39325)
Affected Packages:
containerd
Issue Correction:
Run yum update containerd to update your system.
New Packages:
src:
containerd-1.4.13-6.amzn1.src
x86_64:
containerd-1.4.13-6.amzn1.x86_64
containerd-stress-1.4.13-6.amzn1.x86_64
containerd-debuginfo-1.4.13-6.amzn1.x86_64