ALAS2023-2023-082

Amazon Linux 2023 Security Advisory: ALAS2023-2023-082
Advisory Released Date: 2023-03-22
Advisory Updated Date: 2023-03-22
Severity: Important
Issue Overview:

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. (CVE-2022-3179)

Bottle before 0.12.20 mishandles errors during early request binding. (CVE-2022-31799)


Affected Packages:

python-bottle


Issue Correction:
Run dnf update python-bottle --releasever=2023.0.20230222 to update your system.

New Packages:
noarch:
    python3-bottle-0.12.21-2.amzn2023.0.1.noarch

src:
    python-bottle-0.12.21-2.amzn2023.0.1.src

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2022-3179, CVE-2022-31799

Mitre: CVE-2022-3179, CVE-2022-31799