Amazon Linux 2 Security Advisory: ALAS2-2025-2943
Advisory Released Date: 2025-07-30
Advisory Updated Date: 2025-07-30
Severity:
Medium
Issue Overview:
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. (CVE-2024-23337)
Affected Packages:
jq
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update jq or yum update --advisory ALAS2-2025-2943 to update your system.
New Packages:
aarch64:
jq-1.5-1.amzn2.0.3.aarch64
jq-devel-1.5-1.amzn2.0.3.aarch64
jq-debuginfo-1.5-1.amzn2.0.3.aarch64
i686:
jq-1.5-1.amzn2.0.3.i686
jq-devel-1.5-1.amzn2.0.3.i686
jq-debuginfo-1.5-1.amzn2.0.3.i686
src:
jq-1.5-1.amzn2.0.3.src
x86_64:
jq-1.5-1.amzn2.0.3.x86_64
jq-devel-1.5-1.amzn2.0.3.x86_64
jq-debuginfo-1.5-1.amzn2.0.3.x86_64