Amazon Linux 2023 Security Advisory: ALAS2023-2024-558
Advisory Released Date: 2024-03-05
Advisory Updated Date: 2024-03-05
Severity:
Low
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.
Affected Packages:
curl
Issue Correction:
Run dnf update curl --releasever 2023.3.20240304 to update your system.
New Packages:
aarch64:
curl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
libcurl-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
libcurl-8.5.0-1.amzn2023.0.2.aarch64
curl-debugsource-8.5.0-1.amzn2023.0.2.aarch64
libcurl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
curl-8.5.0-1.amzn2023.0.2.aarch64
libcurl-minimal-8.5.0-1.amzn2023.0.2.aarch64
curl-debuginfo-8.5.0-1.amzn2023.0.2.aarch64
curl-minimal-8.5.0-1.amzn2023.0.2.aarch64
libcurl-devel-8.5.0-1.amzn2023.0.2.aarch64
src:
curl-8.5.0-1.amzn2023.0.2.src
x86_64:
libcurl-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
curl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
libcurl-minimal-8.5.0-1.amzn2023.0.2.x86_64
curl-debugsource-8.5.0-1.amzn2023.0.2.x86_64
curl-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
libcurl-minimal-debuginfo-8.5.0-1.amzn2023.0.2.x86_64
curl-8.5.0-1.amzn2023.0.2.x86_64
curl-minimal-8.5.0-1.amzn2023.0.2.x86_64
libcurl-8.5.0-1.amzn2023.0.2.x86_64
libcurl-devel-8.5.0-1.amzn2023.0.2.x86_64