Medium: R

2017-04-20T06:04:00
ID ALAS-2017-819
Type amazon
Reporter Amazon
Modified 2017-04-20T06:04:00

Description

Issue Overview:

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. (CVE-2017-8714 __)

Affected Packages:

R

Issue Correction:
Run yum update R to update your system.

New Packages:

i686:  
    R-core-3.3.3-1.51.amzn1.i686  
    R-java-devel-3.3.3-1.51.amzn1.i686  
    R-core-devel-3.3.3-1.51.amzn1.i686  
    R-devel-3.3.3-1.51.amzn1.i686  
    R-debuginfo-3.3.3-1.51.amzn1.i686  
    R-java-3.3.3-1.51.amzn1.i686  
    libRmath-devel-3.3.3-1.51.amzn1.i686  
    libRmath-static-3.3.3-1.51.amzn1.i686  
    libRmath-3.3.3-1.51.amzn1.i686  
    R-3.3.3-1.51.amzn1.i686

src:  
    R-3.3.3-1.51.amzn1.src

x86_64:  
    R-core-devel-3.3.3-1.51.amzn1.x86_64  
    R-devel-3.3.3-1.51.amzn1.x86_64  
    R-3.3.3-1.51.amzn1.x86_64  
    R-debuginfo-3.3.3-1.51.amzn1.x86_64  
    R-java-devel-3.3.3-1.51.amzn1.x86_64  
    libRmath-3.3.3-1.51.amzn1.x86_64  
    R-java-3.3.3-1.51.amzn1.x86_64  
    libRmath-devel-3.3.3-1.51.amzn1.x86_64  
    R-core-3.3.3-1.51.amzn1.x86_64  
    libRmath-static-3.3.3-1.51.amzn1.x86_64