[ALAS2-2023-1926] Amazon Linux 2 2017.12 - ALAS2-2023-1926: medium priority package update for golang
Severity: Medium
Affected Packages: 11
CVEs: 1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-41717:
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Package | Affected Version |
---|---|
pkg:rpm/amazonlinux/golang?arch=x86_64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang?arch=aarch64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-tests?arch=noarch&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-src?arch=noarch&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-shared?arch=x86_64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-shared?arch=aarch64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-race?arch=x86_64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-misc?arch=noarch&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-docs?arch=noarch&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-bin?arch=x86_64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
pkg:rpm/amazonlinux/golang-bin?arch=aarch64&distro=amazonlinux-2 | < 1.18.9-1.amzn2.0.1 |
- ID: ALAS2-2023-1926
- Severity: medium
- URL: https://alas.aws.amazon.com/AL2/ALAS-2023-1926.html
- Published: 2023-01-30T16:02:00
- Modified: 2023-02-04T18:28:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2023-1731
- ALAS-2023-1848
- ALPINE:CVE-2022-41717
- ALSA-2023:2204
- ALSA-2023:2222
- ALSA-2023:2236
- ALSA-2023:2253
- ALSA-2023:2282
- ALSA-2023:2283
- ALSA-2023:2357
- ALSA-2023:2367
- ALSA-2023:2758
- ALSA-2023:2780
- ALSA-2023:2802
- ALSA-2023:2866
- ALSA-2023:6420
- ELSA-2023-18908
- ELSA-2023-2204
- ELSA-2023-2222
- ELSA-2023-2253
- ELSA-2023-2282
- ELSA-2023-2283
- ELSA-2023-2357
- ELSA-2023-2367
- ELSA-2023-2758
- ELSA-2023-2780
- ELSA-2023-2802
- ELSA-2023-2866
- ELSA-2023-6420
- FEDORA-2023-0c354a3f9a
- FEDORA-2023-0fa7715821
- FEDORA-2023-0fff8bc164
- FEDORA-2023-2663dc67d8
- FEDORA-2023-267503a090
- FEDORA-2023-2df9d60e4c
- FEDORA-2023-322314ad50
- FEDORA-2023-327346caa5
- FEDORA-2023-3baf3f43a0
- FEDORA-2023-3dba09f630
- FEDORA-2023-4e2068ba5d
- FEDORA-2023-5eca6a8326
- FEDORA-2023-62ce942e75
- FEDORA-2023-6550d9323b
- FEDORA-2023-6cfe7492c1
- FEDORA-2023-6d71ff268e
- FEDORA-2023-70eb8ba61e
- FEDORA-2023-74e5545901
- FEDORA-2023-8b700042ac
- FEDORA-2023-8c02aee138
- FEDORA-2023-8ecc0e487e
- FEDORA-2023-946dfaf17f
- FEDORA-2023-a5a5542890
- FEDORA-2023-aa7c75ed4a
- FEDORA-2023-abb47e24d8
- FEDORA-2023-ac4651c9b2
- FEDORA-2023-af2e3d1c18
- FEDORA-2023-c0149844e2
- FEDORA-2023-c9b2182a4e
- FEDORA-2023-ca444fdecf
- FEDORA-2023-cb3a59a3df
- FEDORA-2023-ce2836acfa
- FEDORA-2023-e16469fdec
- FEDORA-2023-e359fd31d2
- FEDORA-2023-e82fd2abcb
- FEDORA-2023-e8c27ba884
- FEDORA-2023-ee472c698c
- FEDORA-2023-f4bd7ab2f7
- FEDORA-2024-ae653fb07b
- FEDORA-2024-b85b97c0e9
- FEDORA-2024-fb32950d11
- FEDORA-2024-fd3545a844
- FREEBSD:6F5192F5-75A7-11ED-83C0-411D43CE7FE4
- GLSA-202311-09
- GO-2022-1144
- MS:CVE-2022-41717
- RHSA-2023:0328
- RHSA-2023:0446
- RHSA-2023:2204
- RHSA-2023:2222
- RHSA-2023:2236
- RHSA-2023:2253
- RHSA-2023:2282
- RHSA-2023:2283
- RHSA-2023:2357
- RHSA-2023:2367
- RHSA-2023:2758
- RHSA-2023:2780
- RHSA-2023:2802
- RHSA-2023:2866
- RHSA-2023:6420
- SUSE-SU-2022:4397-1
- SUSE-SU-2022:4398-1
- SUSE-SU-2023:2312-1
- USN-6038-1
- USN-6038-2
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-41717 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/golang?arch=x86_64&distro=amazonlinux-2 | amazonlinux | golang | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/golang?arch=aarch64&distro=amazonlinux-2 | amazonlinux | golang | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/golang-tests?arch=noarch&distro=amazonlinux-2 | amazonlinux | golang-tests | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/golang-src?arch=noarch&distro=amazonlinux-2 | amazonlinux | golang-src | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/golang-shared?arch=x86_64&distro=amazonlinux-2 | amazonlinux | golang-shared | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/golang-shared?arch=aarch64&distro=amazonlinux-2 | amazonlinux | golang-shared | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/golang-race?arch=x86_64&distro=amazonlinux-2 | amazonlinux | golang-race | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/golang-misc?arch=noarch&distro=amazonlinux-2 | amazonlinux | golang-misc | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/golang-docs?arch=noarch&distro=amazonlinux-2 | amazonlinux | golang-docs | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | noarch | |
Affected | pkg:rpm/amazonlinux/golang-bin?arch=x86_64&distro=amazonlinux-2 | amazonlinux | golang-bin | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/golang-bin?arch=aarch64&distro=amazonlinux-2 | amazonlinux | golang-bin | < 1.18.9-1.amzn2.0.1 | amazonlinux-2 | aarch64 | |