ALAS2023-2024-478

Amazon Linux 2023 Security Advisory: ALAS2023-2024-478
Advisory Released Date: 2024-01-08
Advisory Updated Date: 2024-01-08

Severity: Medium

References: CVE-2023-34623
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. (CVE-2023-34623)

Affected Packages:

jtidy

Issue Correction:
Run dnf update jtidy --releasever 2023.3.20240108 to update your system.

New Packages:

noarch:
    jtidy-1.0-0.38.20100930svn1125.amzn2023.0.2.noarch
    jtidy-javadoc-1.0-0.38.20100930svn1125.amzn2023.0.2.noarch

src:
    jtidy-1.0-0.38.20100930svn1125.amzn2023.0.2.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-34623

Mitre: CVE-2023-34623