ALAS2023-2023-335

Amazon Linux 2023 Security Advisory: ALAS2023-2023-335
Advisory Released Date: 2023-09-07
Advisory Updated Date: 2023-09-07
Severity: Medium
Issue Overview:

An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. (CVE-2022-47022)


Affected Packages:

hwloc


Issue Correction:
Run dnf update hwloc --releasever 2023.1.20230906 to update your system.

New Packages:
aarch64:
    hwloc-libs-debuginfo-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-plugins-debuginfo-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-gui-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-plugins-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-libs-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-debugsource-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-gui-debuginfo-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-debuginfo-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-2.4.1-3.amzn2023.0.6.aarch64
    hwloc-devel-2.4.1-3.amzn2023.0.6.aarch64

src:
    hwloc-2.4.1-3.amzn2023.0.6.src

x86_64:
    hwloc-libs-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-plugins-debuginfo-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-libs-debuginfo-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-plugins-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-gui-debuginfo-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-gui-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-debuginfo-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-debugsource-2.4.1-3.amzn2023.0.6.x86_64
    hwloc-devel-2.4.1-3.amzn2023.0.6.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2022-47022

Mitre: CVE-2022-47022