Amazon Linux 2 Security Advisory: ALAS2-2024-2490
Advisory Released Date: 2024-03-04
Advisory Updated Date: 2024-03-04
Severity:
Low
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.
Affected Packages:
curl
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update curl to update your system.
New Packages:
aarch64:
curl-8.3.0-1.amzn2.0.6.aarch64
libcurl-8.3.0-1.amzn2.0.6.aarch64
libcurl-devel-8.3.0-1.amzn2.0.6.aarch64
curl-debuginfo-8.3.0-1.amzn2.0.6.aarch64
i686:
curl-8.3.0-1.amzn2.0.6.i686
libcurl-8.3.0-1.amzn2.0.6.i686
libcurl-devel-8.3.0-1.amzn2.0.6.i686
curl-debuginfo-8.3.0-1.amzn2.0.6.i686
src:
curl-8.3.0-1.amzn2.0.6.src
x86_64:
curl-8.3.0-1.amzn2.0.6.x86_64
libcurl-8.3.0-1.amzn2.0.6.x86_64
libcurl-devel-8.3.0-1.amzn2.0.6.x86_64
curl-debuginfo-8.3.0-1.amzn2.0.6.x86_64