Amazon Linux 2 Security Advisory: ALAS2DOCKER-2025-052
Advisory Released Date: 2025-02-25
Advisory Updated Date: 2025-02-25
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. (CVE-2024-45338)
Affected Packages:
soci-snapshotter
Note:
This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update soci-snapshotter to update your system.
aarch64:
soci-snapshotter-0.9.0-1.amzn2.0.1.aarch64
src:
soci-snapshotter-0.9.0-1.amzn2.0.1.src
x86_64:
soci-snapshotter-0.9.0-1.amzn2.0.1.x86_64