Medium: libnl3

2017-08-30T23:38:00
ID ALAS-2017-876
Type amazon
Reporter Amazon
Modified 2017-08-30T23:38:00

Description

Issue Overview:

Integer overflow in nlmsg_reserve():
An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553 __)

Affected Packages:

libnl3

Issue Correction:
Run yum update libnl3 to update your system.

New Packages:

i686:  
    libnl3-doc-3.2.28-4.6.amzn1.i686  
    libnl3-cli-3.2.28-4.6.amzn1.i686  
    libnl3-debuginfo-3.2.28-4.6.amzn1.i686  
    libnl3-devel-3.2.28-4.6.amzn1.i686  
    libnl3-3.2.28-4.6.amzn1.i686

src:  
    libnl3-3.2.28-4.6.amzn1.src

x86_64:  
    libnl3-debuginfo-3.2.28-4.6.amzn1.x86_64  
    libnl3-3.2.28-4.6.amzn1.x86_64  
    libnl3-cli-3.2.28-4.6.amzn1.x86_64  
    libnl3-doc-3.2.28-4.6.amzn1.x86_64  
    libnl3-devel-3.2.28-4.6.amzn1.x86_64