ALAS-2021-1496


Amazon Linux 1 (EOL) Security Advisory: ALAS-2021-1496
Advisory Released Date: 2021-05-10
Advisory Updated Date: 2021-05-10
Severity: Medium

Issue Overview:

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. (CVE-2021-28831)


Affected Packages:

busybox


Issue Correction:
Run yum update busybox to update your system.

New Packages:
i686:
    busybox-1.19.3-2.12.amzn1.i686
    busybox-petitboot-1.19.3-2.12.amzn1.i686

src:
    busybox-1.19.3-2.12.amzn1.src

x86_64:
    busybox-1.19.3-2.12.amzn1.x86_64
    busybox-petitboot-1.19.3-2.12.amzn1.x86_64
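
To confirm that a host actually carries the corrected build after running the update, the installed version-release can be compared with the fixed build listed under New Packages. The script below is an added example, not part of the advisory: the function names are hypothetical, and GNU sort -V is assumed as an approximation of RPM version ordering for builds of the same package.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether installed busybox
# packages are at or above the fixed build listed under "New Packages".
FIXED_VR="1.19.3-2.12.amzn1"

# vr_at_least INSTALLED FIXED -> exit status 0 if INSTALLED >= FIXED.
# Assumption: sort -V stands in for RPM's own version comparison.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# busybox_status VERSION-RELEASE -> prints "patched" or "vulnerable".
busybox_status() {
    if vr_at_least "$1" "$FIXED_VR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_host: query rpm for both package names from the advisory.
# Returns 0 if every installed build is patched, 1 if any is not,
# 2 if rpm is not available on this system.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    rc=0
    for pkg in busybox busybox-petitboot; do
        # Skip packages that are not installed.
        rpm -q "$pkg" >/dev/null 2>&1 || continue
        # One line per installed build (e.g. i686 and x86_64 side by side).
        for vr in $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg"); do
            status=$(busybox_status "$vr")
            echo "$pkg $vr $status"
            [ "$status" = "patched" ] || rc=1
        done
    done
    return $rc
}

# Only touch the RPM database when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with --check on the host; any line reported as vulnerable means yum update busybox has not been applied to that package.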