ALAS2023-2025-1112

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1112
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-08

Severity: Medium

References: CVE-2024-23337
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue. (CVE-2024-23337)

Affected Packages:

Issue Correction:
Run dnf update jq --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1112 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    jq-devel-1.7.1-50.amzn2023.aarch64
    jq-debugsource-1.7.1-50.amzn2023.aarch64
    jq-debuginfo-1.7.1-50.amzn2023.aarch64
    jq-1.7.1-50.amzn2023.aarch64

src:
    jq-1.7.1-50.amzn2023.src

x86_64:
    jq-debugsource-1.7.1-50.amzn2023.x86_64
    jq-1.7.1-50.amzn2023.x86_64
    jq-debuginfo-1.7.1-50.amzn2023.x86_64
    jq-devel-1.7.1-50.amzn2023.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-23337

Mitre: CVE-2024-23337