Amazon Linux 2023 Security Advisory: ALAS2023-2023-375
Advisory Released Date: 2023-10-03
Advisory Updated Date: 2023-10-03
Severity:
Medium
Issue Overview:
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)
Affected Packages:
snakeyaml
Issue Correction:
Run dnf update snakeyaml --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-375 --releasever 2023.2.20231002 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
noarch:
snakeyaml-1.27-6.amzn2023.0.3.noarch
snakeyaml-javadoc-1.27-6.amzn2023.0.3.noarch
src:
snakeyaml-1.27-6.amzn2023.0.3.src