alas.aws.amazon.com Open in urlscan Pro
2600:9000:2436:5e00:f:fca1:7a80:93a1  Public Scan

Form analysis
0 forms found in the DOM

Text Content

SELECT YOUR COOKIE PREFERENCES

We use cookies and similar tools to enhance your experience, provide our
services, deliver relevant advertising, and make improvements. Approved third
parties also use these tools to help us deliver advertising and provide certain
site features.

CustomizeAccept all


CUSTOMIZE COOKIE PREFERENCES

We use cookies and similar tools (collectively, "cookies") for the following
purposes.


ESSENTIAL

Essential cookies are necessary to provide our site and services and cannot be
deactivated. They are usually set in response to your actions on the site, such
as setting your privacy preferences, signing in, or filling in forms.




PERFORMANCE

Performance cookies provide anonymous statistics about how customers navigate
our site so we can improve site experience and performance. Approved third
parties may perform analytics on our behalf, but they cannot use the data for
their own purposes.

Allow performance category
Allowed


FUNCTIONAL

Functional cookies help us provide useful site features, remember your
preferences, and display relevant content. Approved third parties may set these
cookies to provide certain site features. If you do not allow these cookies,
then some or all of these services may not function properly.

Allow functional category
Allowed


ADVERTISING

Advertising cookies may be set through our site by us or our advertising
partners and help us deliver relevant marketing content. If you do not allow
these cookies, you will experience less relevant advertising.

Allow advertising category
Allowed

Blocking some types of cookies may impact your experience of our sites. You may
review and change your choices at any time by clicking Cookie preferences in the
footer of this site. We and selected third-parties use cookies or similar
technologies as specified in the AWS Cookie Notice

.

CancelSave preferences


Amazon Linux Security Center
 * Amazon Linux
 * Amazon Linux 2
 * Amazon Linux 2023
 * Announcements
 * FAQs


ALAS2-2022-1901

--------------------------------------------------------------------------------

Amazon Linux 2 Security Advisory: ALAS-2022-1901
Advisory Release Date: 2022-12-01 20:32 Pacific
Advisory Updated Date: 2022-12-06 22:38 Pacific

Severity: Medium

References: CVE-2022-0563 
FAQs regarding Amazon Linux ALAS/CVE Severity

--------------------------------------------------------------------------------

Issue Overview:

A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when
compiled with Readline support. The Readline library uses an "INPUTRC"
environment variable to get a path to the library config file. When the library
cannot parse the specified file, it prints an error message containing data from
the file. This flaw allows an unprivileged user to read root-owned files,
potentially leading to privilege escalation. (CVE-2022-0563)


Affected Packages:


util-linux


Issue Correction:
Run yum update util-linux to update your system.


New Packages:

aarch64:
    util-linux-2.30.2-2.amzn2.0.10.aarch64
    libfdisk-2.30.2-2.amzn2.0.10.aarch64
    libfdisk-devel-2.30.2-2.amzn2.0.10.aarch64
    libsmartcols-2.30.2-2.amzn2.0.10.aarch64
    libsmartcols-devel-2.30.2-2.amzn2.0.10.aarch64
    libmount-2.30.2-2.amzn2.0.10.aarch64
    libmount-devel-2.30.2-2.amzn2.0.10.aarch64
    libblkid-2.30.2-2.amzn2.0.10.aarch64
    libblkid-devel-2.30.2-2.amzn2.0.10.aarch64
    libuuid-2.30.2-2.amzn2.0.10.aarch64
    libuuid-devel-2.30.2-2.amzn2.0.10.aarch64
    uuidd-2.30.2-2.amzn2.0.10.aarch64
    python-libmount-2.30.2-2.amzn2.0.10.aarch64
    util-linux-user-2.30.2-2.amzn2.0.10.aarch64
    util-linux-debuginfo-2.30.2-2.amzn2.0.10.aarch64

i686:
    util-linux-2.30.2-2.amzn2.0.10.i686
    libfdisk-2.30.2-2.amzn2.0.10.i686
    libfdisk-devel-2.30.2-2.amzn2.0.10.i686
    libsmartcols-2.30.2-2.amzn2.0.10.i686
    libsmartcols-devel-2.30.2-2.amzn2.0.10.i686
    libmount-2.30.2-2.amzn2.0.10.i686
    libmount-devel-2.30.2-2.amzn2.0.10.i686
    libblkid-2.30.2-2.amzn2.0.10.i686
    libblkid-devel-2.30.2-2.amzn2.0.10.i686
    libuuid-2.30.2-2.amzn2.0.10.i686
    libuuid-devel-2.30.2-2.amzn2.0.10.i686
    uuidd-2.30.2-2.amzn2.0.10.i686
    python-libmount-2.30.2-2.amzn2.0.10.i686
    util-linux-user-2.30.2-2.amzn2.0.10.i686
    util-linux-debuginfo-2.30.2-2.amzn2.0.10.i686

src:
    util-linux-2.30.2-2.amzn2.0.10.src

x86_64:
    util-linux-2.30.2-2.amzn2.0.10.x86_64
    libfdisk-2.30.2-2.amzn2.0.10.x86_64
    libfdisk-devel-2.30.2-2.amzn2.0.10.x86_64
    libsmartcols-2.30.2-2.amzn2.0.10.x86_64
    libsmartcols-devel-2.30.2-2.amzn2.0.10.x86_64
    libmount-2.30.2-2.amzn2.0.10.x86_64
    libmount-devel-2.30.2-2.amzn2.0.10.x86_64
    libblkid-2.30.2-2.amzn2.0.10.x86_64
    libblkid-devel-2.30.2-2.amzn2.0.10.x86_64
    libuuid-2.30.2-2.amzn2.0.10.x86_64
    libuuid-devel-2.30.2-2.amzn2.0.10.x86_64
    uuidd-2.30.2-2.amzn2.0.10.x86_64
    python-libmount-2.30.2-2.amzn2.0.10.x86_64
    util-linux-user-2.30.2-2.amzn2.0.10.x86_64
    util-linux-debuginfo-2.30.2-2.amzn2.0.10.x86_64




ADDITIONAL REFERENCES

Red Hat: CVE-2022-0563

Mitre: CVE-2022-0563

CVE description copyright © 2023 The MITRE Corporation

CVE description copyright © 2023 Red Hat, Inc. Per
https://access.redhat.com/security/data, RedHat's CVE report is licensed under
CC BY 4.0.

Privacy | Site terms apply, and downloading this site or portions of it is
permitted | Cookie preferences | © 2023, Amazon Web Services, Inc. or its
affiliates. All rights reserved.