1. Home
  2. Security Advisories
  3. Amazon Linux
  4. ALAS2-2023-2326

[ALAS2-2023-2326] Amazon Linux 2 2017.12 - ALAS2-2023-2326: important priority package update for golist

Severity Important
Affected Packages 4
CVEs 1
Info Packages References Vulnerabilities

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-39325:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Package Affected Version
pkg:rpm/amazonlinux/golist?arch=x86_64&distro=amazonlinux-2 < 0.10.1-10.amzn2.0.4
pkg:rpm/amazonlinux/golist?arch=aarch64&distro=amazonlinux-2 < 0.10.1-10.amzn2.0.4
pkg:rpm/amazonlinux/golist-debuginfo?arch=x86_64&distro=amazonlinux-2 < 0.10.1-10.amzn2.0.4
pkg:rpm/amazonlinux/golist-debuginfo?arch=aarch64&distro=amazonlinux-2 < 0.10.1-10.amzn2.0.4
ID
ALAS2-2023-2326
Severity
important
URL
https://alas.aws.amazon.com/AL2/ALAS-2023-2326.html
Published
2023-10-30T23:59:00
(10 months ago)
Modified
2023-11-01T22:21:00
(10 months ago)
Rights
Amazon Linux Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/amazonlinux/golist?arch=x86_64&distro=amazonlinux-2 amazonlinux golist < 0.10.1-10.amzn2.0.4 amazonlinux-2 x86_64
Affected pkg:rpm/amazonlinux/golist?arch=aarch64&distro=amazonlinux-2 amazonlinux golist < 0.10.1-10.amzn2.0.4 amazonlinux-2 aarch64
Affected pkg:rpm/amazonlinux/golist-debuginfo?arch=x86_64&distro=amazonlinux-2 amazonlinux golist-debuginfo < 0.10.1-10.amzn2.0.4 amazonlinux-2 x86_64
Affected pkg:rpm/amazonlinux/golist-debuginfo?arch=aarch64&distro=amazonlinux-2 amazonlinux golist-debuginfo < 0.10.1-10.amzn2.0.4 amazonlinux-2 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date