ALAS2MATE-DESKTOP1.X-2024-004


Amazon Linux 2 Security Advisory: ALAS2MATE-DESKTOP1.X-2024-004
Advisory Released Date: 2024-01-09
Advisory Updated Date: 2024-01-09
Severity: Important

Issue Overview:

Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. (CVE-2022-26592)

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. (CVE-2022-43357)

Stack overflow vulnerability in ast_selectors.cpp in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). (CVE-2022-43358)


Affected Packages:

libsass


Note:

This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update libsass to update your system.

New Packages:
aarch64:
    libsass-3.6.4-3.amzn2.0.1.aarch64
    libsass-devel-3.6.4-3.amzn2.0.1.aarch64
    libsass-debuginfo-3.6.4-3.amzn2.0.1.aarch64

src:
    libsass-3.6.4-3.amzn2.0.1.src

x86_64:
    libsass-3.6.4-3.amzn2.0.1.x86_64
    libsass-devel-3.6.4-3.amzn2.0.1.x86_64
    libsass-debuginfo-3.6.4-3.amzn2.0.1.x86_64