ALAS-2023-1770

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1770
Advisory Released Date: 2023-06-27
Advisory Updated Date: 2023-06-29

Severity: Important

References: CVE-2023-32067
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Denial of Service.

An issue in c-ares was found where a 0-byte UDP payload can cause a Denial of Service (CVE-2023-32067).

Affected Packages:

c-ares

Issue Correction:
Run yum update c-ares to update your system.

New Packages:

i686:
    c-ares-1.17.2-1.9.amzn1.i686
    c-ares-debuginfo-1.17.2-1.9.amzn1.i686
    c-ares-devel-1.17.2-1.9.amzn1.i686

src:
    c-ares-1.17.2-1.9.amzn1.src

x86_64:
    c-ares-debuginfo-1.17.2-1.9.amzn1.x86_64
    c-ares-devel-1.17.2-1.9.amzn1.x86_64
    c-ares-1.17.2-1.9.amzn1.x86_64

Additional References

Red Hat: CVE-2023-32067

Mitre: CVE-2023-32067