[ALAS2-2023-2325] Amazon Linux 2 2017.12 - ALAS2-2023-2325: important priority package update for cni-plugins
Severity
Important
Affected Packages
4
CVEs
1
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-39325:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
| Package | Affected Version |
|---|---|
 pkg:rpm/amazonlinux/cni-plugins?arch=x86_64&distro=amazonlinux-2
|
< 1.2.0-1.amzn2.0.4 |
|
pkg:rpm/amazonlinux/cni-plugins?arch=aarch64&distro=amazonlinux-2
|
< 1.2.0-1.amzn2.0.4 |
|
pkg:rpm/amazonlinux/cni-plugins-debuginfo?arch=x86_64&distro=amazonlinux-2
|
< 1.2.0-1.amzn2.0.4 |
|
pkg:rpm/amazonlinux/cni-plugins-debuginfo?arch=aarch64&distro=amazonlinux-2
|
< 1.2.0-1.amzn2.0.4 |
- ID
- ALAS2-2023-2325
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2023-2325.html
- Published
-
2023-10-30T23:59:00
(10 months ago) - Modified
-
2023-11-01T22:21:00
(10 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2023-1871
-
ALAS-2024-1920
-
ALAS2-2023-2313
-
ALAS2-2023-2324
-
ALAS2-2023-2326
-
ALAS2-2023-2339
-
ALAS2-2024-2424
-
ALAS2-2024-2458
-
ALPINE:CVE-2023-39325
-
ALSA-2023:5721
-
ALSA-2023:5738
-
ALSA-2023:5863
-
ALSA-2023:5867
-
ALSA-2023:6077
-
ELSA-2023-13028
-
ELSA-2023-13029
-
ELSA-2023-13053
-
ELSA-2023-13054
-
ELSA-2023-5721
-
ELSA-2023-5738
-
ELSA-2023-5863
-
ELSA-2023-5867
-
FEDORA-2023-0d46257314
-
FEDORA-2023-257f33c602
-
FEDORA-2023-327346caa5
-
FEDORA-2023-3a895ff65c
-
FEDORA-2023-4bf641255e
-
FEDORA-2023-5029b92850
-
FEDORA-2023-548163deb1
-
FEDORA-2023-66966ae3d0
-
FEDORA-2023-6f4c5b6331
-
FEDORA-2023-822aab0a5a
-
FEDORA-2023-a5a5542890
-
FEDORA-2023-b43faebc9f
-
FEDORA-2023-b60ff8c9ec
-
FEDORA-2023-b75ee820ce
-
FEDORA-2023-c858d2c53b
-
FEDORA-2023-d58c8eeb7c
-
FEDORA-2023-e359fd31d2
-
FEDORA-2023-e3e4e3f51a
-
FEDORA-2023-fa2d7b25d9
-
FEDORA-2023-fa2ec3d3e0
-
FEDORA-2023-fe53e13b5b
-
FEDORA-2024-07c811c7a5
-
FEDORA-2024-0ac454dafc
-
FEDORA-2024-0d4d9925a2
-
FEDORA-2024-35c28f59d1
-
FEDORA-2024-5d8e87ec66
-
FEDORA-2024-80e062d21a
-
FEDORA-2024-9cc0e0c63e
-
FEDORA-2024-ae653fb07b
-
FEDORA-2024-b85b97c0e9
-
FEDORA-2024-c3e32c5635
-
FEDORA-2024-cafa04a149
-
FEDORA-2024-d652859efb
-
FEDORA-2024-f99ecead66
-
FEDORA-2024-fb32950d11
-
FEDORA-2024-fd3545a844
-
FREEBSD:7A1B2624-6A89-11EE-AF06-5404A68AD561
-
GLSA-202311-09
-
GO-2023-2102
-
openSUSE-SU-2023:0360-1
-
RHSA-2023:5721
-
RHSA-2023:5738
-
RHSA-2023:5835
-
RHSA-2023:5863
-
RHSA-2023:5867
-
RHSA-2023:6077
-
RLSA-2023:5863
-
RLSA-2023:6077
-
SUSE-SU-2023:4068-1
-
SUSE-SU-2023:4069-1
-
SUSE-SU-2023:4469-1
-
SUSE-SU-2023:4472-1
-
SUSE-SU-2024:3094-1
-
SUSE-SU-2024:3097-1
-
SUSE-SU-2024:3098-1
-
USN-6574-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2023-39325 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/cni-plugins?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
cni-plugins
|
< 1.2.0-1.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/cni-plugins?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
cni-plugins
|
< 1.2.0-1.amzn2.0.4 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/cni-plugins-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
cni-plugins-debuginfo
|
< 1.2.0-1.amzn2.0.4 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/cni-plugins-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
cni-plugins-debuginfo
|
< 1.2.0-1.amzn2.0.4 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |