ALAS2023-2023-272

Amazon Linux 2023 Security Advisory: ALAS2023-2023-272
Advisory Released Date: 2023-08-09
Advisory Updated Date: 2023-08-09

Severity: Medium

References: CVE-2023-38469 CVE-2023-38470 CVE-2023-38471
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A reachable assertion was found in avahi_dns_packet_append_record. (CVE-2023-38469)

A reachable assertion was found in avahi_escape_label. (CVE-2023-38470)

A reachable assertion was found in dbus_set_host_name. (CVE-2023-38471)

Affected Packages:

avahi

Issue Correction:
Run dnf update avahi --releasever 2023.1.20230809 to update your system.

New Packages:

aarch64:
    avahi-ui-gtk3-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-glib-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-0.8-14.amzn2023.0.8.aarch64
    avahi-glib-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-debugsource-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-howl-0.8-14.amzn2023.0.8.aarch64
    avahi-gobject-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-glib-0.8-14.amzn2023.0.8.aarch64
    avahi-dnsconfd-0.8-14.amzn2023.0.8.aarch64
    avahi-libs-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-libs-0.8-14.amzn2023.0.8.aarch64
    avahi-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-autoipd-0.8-14.amzn2023.0.8.aarch64
    avahi-tools-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-libdns_sd-0.8-14.amzn2023.0.8.aarch64
    avahi-gobject-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-howl-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-ui-gtk3-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-libdns_sd-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-dnsconfd-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-gobject-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-libdns_sd-debuginfo-0.8-14.amzn2023.0.8.aarch64
    avahi-ui-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-compat-howl-devel-0.8-14.amzn2023.0.8.aarch64
    avahi-tools-0.8-14.amzn2023.0.8.aarch64
    avahi-autoipd-debuginfo-0.8-14.amzn2023.0.8.aarch64

src:
    avahi-0.8-14.amzn2023.0.8.src

x86_64:
    avahi-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-debugsource-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-howl-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-dnsconfd-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-dnsconfd-0.8-14.amzn2023.0.8.x86_64
    avahi-libs-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-ui-gtk3-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-libdns_sd-0.8-14.amzn2023.0.8.x86_64
    avahi-gobject-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-tools-0.8-14.amzn2023.0.8.x86_64
    avahi-glib-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-ui-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-howl-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-howl-0.8-14.amzn2023.0.8.x86_64
    avahi-glib-0.8-14.amzn2023.0.8.x86_64
    avahi-gobject-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-gobject-0.8-14.amzn2023.0.8.x86_64
    avahi-glib-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-autoipd-0.8-14.amzn2023.0.8.x86_64
    avahi-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-ui-gtk3-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-libdns_sd-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-autoipd-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-libs-0.8-14.amzn2023.0.8.x86_64
    avahi-compat-libdns_sd-devel-0.8-14.amzn2023.0.8.x86_64
    avahi-tools-debuginfo-0.8-14.amzn2023.0.8.x86_64
    avahi-0.8-14.amzn2023.0.8.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471

Mitre: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471