ALAS2023-2024-556

Amazon Linux 2023 Security Advisory: ALAS2023-2024-556
Advisory Released Date: 2024-03-05
Advisory Updated Date: 2024-03-05

Severity: Important

References: CVE-2022-48623
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. (CVE-2022-48623)

Affected Packages:

perl-Cpanel-JSON-XS

Issue Correction:
Run dnf update perl-Cpanel-JSON-XS --releasever 2023.3.20240304 to update your system.

New Packages:

aarch64:
    perl-Cpanel-JSON-XS-debugsource-4.25-2.amzn2023.0.6.aarch64
    perl-Cpanel-JSON-XS-debuginfo-4.25-2.amzn2023.0.6.aarch64
    perl-Cpanel-JSON-XS-4.25-2.amzn2023.0.6.aarch64

src:
    perl-Cpanel-JSON-XS-4.25-2.amzn2023.0.6.src

x86_64:
    perl-Cpanel-JSON-XS-debugsource-4.25-2.amzn2023.0.6.x86_64
    perl-Cpanel-JSON-XS-debuginfo-4.25-2.amzn2023.0.6.x86_64
    perl-Cpanel-JSON-XS-4.25-2.amzn2023.0.6.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2022-48623

Mitre: CVE-2022-48623