URL: https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-040.html
Submission: On June 04 via api from US — Scanned from DE

Amazon Linux Security Center

ALASNITRO-ENCLAVES-2024-040

--------------------------------------------------------------------------------

Amazon Linux 2 Security Advisory: ALASNITRO-ENCLAVES-2024-040
Advisory Release Date: 2024-05-23 23:02 Pacific
Advisory Updated Date: 2024-05-30 13:00 Pacific

Severity: Medium

References: CVE-2023-45288

--------------------------------------------------------------------------------

Issue Overview:

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header
data by sending an excessive number of CONTINUATION frames. Maintaining HPACK
state requires parsing and processing all HEADERS and CONTINUATION frames on a
connection. When a request's headers exceed MaxHeaderBytes, no memory is
allocated to store the excess headers, but they are still parsed. This permits
an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header
data, all associated with a request which is going to be rejected. These headers
can include Huffman-encoded data which is significantly more expensive for the
receiver to decode than for an attacker to send. The fix sets a limit on the
amount of excess header frames we will process before closing a connection.
(CVE-2023-45288)


Affected Packages:


amazon-ecr-credential-helper


Note:

This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this
page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for
the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update amazon-ecr-credential-helper to update your system.


New Packages:

aarch64:
    amazon-ecr-credential-helper-0.7.1-4.amzn2.aarch64
    amazon-ecr-credential-helper-debuginfo-0.7.1-4.amzn2.aarch64

src:
    amazon-ecr-credential-helper-0.7.1-4.amzn2.src

x86_64:
    amazon-ecr-credential-helper-0.7.1-4.amzn2.x86_64
    amazon-ecr-credential-helper-debuginfo-0.7.1-4.amzn2.x86_64




ADDITIONAL REFERENCES

Red Hat: CVE-2023-45288

Mitre: CVE-2023-45288

CVE description copyright © 2023 The MITRE Corporation

CVE description copyright © 2023 Red Hat, Inc. Per
https://access.redhat.com/security/data, RedHat's CVE report is licensed under
CC BY 4.0.
