AWS Security Advisories — October 2023 — AWS Security Advisories

ALAS-2023-1872

ALAS · AL1Critical2023-10-28

ALAS-2023-1872: squid (critical)

CVEs:CVE-2023-46847

Affected products

Product	Status	Vendor	Package	Ecosystem
squid	affected	Amazon	squid	—

Upstream advisory

ALAS-2023-1856

ALAS · AL1Medium2023-10-24

ALAS-2023-1856: ImageMagick (medium)

CVEs:CVE-2023-5341

Affected products

Product	Status	Vendor	Package	Ecosystem
ImageMagick	affected	Amazon	ImageMagick	—

Upstream advisory

ALAS-2023-1857

ALAS · AL1Medium2023-10-24

ALAS-2023-1857: cups (medium)

CVEs:CVE-2023-4504

Affected products

Product	Status	Vendor	Package	Ecosystem
cups	affected	Amazon	cups	—

Upstream advisory

ALAS-2023-1858

ALAS · AL1Medium2023-10-24

ALAS-2023-1858: nss-softokn (medium)

CVEs:CVE-2023-4421

Affected products

Product	Status	Vendor	Package	Ecosystem
nss-softokn	affected	Amazon	nss-softokn	—

Upstream advisory

ALAS-2023-1859

ALAS · AL1Medium2023-10-24

ALAS-2023-1859: libX11 (medium)

CVEs:CVE-2023-43785 CVE-2023-43787

Affected products

Product	Status	Vendor	Package	Ecosystem
libX11	affected	Amazon	libX11	—

Upstream advisory

ALAS-2023-1860

ALAS · AL1Important2023-10-24

ALAS-2023-1860: exim (important)

CVEs:CVE-2023-42116 CVE-2023-42117

Affected products

Product	Status	Vendor	Package	Ecosystem
exim	affected	Amazon	exim	—

Upstream advisory

ALAS-2023-1861

ALAS · AL1Important2023-10-24

ALAS-2023-1861: tomcat8 (important)

CVEs:CVE-2023-24998 CVE-2023-41080

Affected products

Product	Status	Vendor	Package	Ecosystem
tomcat8	affected	Amazon	tomcat8	—

Upstream advisory

ALAS-2023-1862

ALAS · AL1Important2023-10-24

ALAS-2023-1862: cacti (important)

CVEs:CVE-2023-39362 CVE-2023-39364

Affected products

Product	Status	Vendor	Package	Ecosystem
cacti	affected	Amazon	cacti	—

Upstream advisory

ALAS-2023-1863

ALAS · AL1Important2023-10-24

ALAS-2023-1863: apache-ivy (important)

CVEs:CVE-2022-46751

Affected products

Product	Status	Vendor	Package	Ecosystem
apache-ivy	affected	Amazon	apache-ivy	—

Upstream advisory

ALAS-2023-1864

ALAS · AL1Important2023-10-24

ALAS-2023-1864: java-1.8.0-openjdk (important)

CVEs:CVE-2022-40433

Affected products

Product	Status	Vendor	Package	Ecosystem
java-1.8.0-openjdk	affected	Amazon	java-1.8.0-openjdk	—

Upstream advisory

ALAS-2023-1865

ALAS · AL1Medium2023-10-24

ALAS-2023-1865: mutt (medium)

CVEs:CVE-2022-1328

Affected products

Product	Status	Vendor	Package	Ecosystem
mutt	affected	Amazon	mutt	—

Upstream advisory

ALAS-2023-1866

ALAS · AL1Important2023-10-24

ALAS-2023-1866: amazon-ssm-agent (important)

CVEs:CVE-2021-43565 CVE-2022-41723 CVE-2023-24538 CVE-2023-24540

Affected products

Product	Status	Vendor	Package	Ecosystem
amazon-ssm-agent	affected	Amazon	amazon-ssm-agent	—

Upstream advisory

ALAS-2023-1867

ALAS · AL1Medium2023-10-24

ALAS-2023-1867: ghostscript (medium)

CVEs:CVE-2020-16294

Affected products

Product	Status	Vendor	Package	Ecosystem
ghostscript	affected	Amazon	ghostscript	—

Upstream advisory

AWS-2023-012

AWS Bulletin2023-10-17

CVE-2023-5528

CVEs:CVE-2023-5528

Upstream advisory

ALAS-2023-1868

ALAS · AL1ExploitedImportant2023-10-17

ALAS-2023-1868: tomcat8 (important)

CVEs:CVE-2023-42795 CVE-2023-44487 CVE-2023-45648

Affected products

Product	Status	Vendor	Package	Ecosystem
tomcat8	affected	Amazon	tomcat8	—

Upstream advisory

ALAS-2023-1869

ALAS · AL1ExploitedImportant2023-10-17

ALAS-2023-1869: nghttp2 (important)

CVEs:CVE-2023-44487

Affected products

Product	Status	Vendor	Package	Ecosystem
nghttp2	affected	Amazon	nghttp2	—

Upstream advisory

ALAS-2023-1870

ALAS · AL1ExploitedImportant2023-10-17

ALAS-2023-1870: nginx (important)

CVEs:CVE-2023-44487

Affected products

Product	Status	Vendor	Package	Ecosystem
nginx	affected	Amazon	nginx	—

Upstream advisory

ALAS-2023-1871

ALAS · AL1ExploitedImportant2023-10-17

ALAS-2023-1871: golang (important)

CVEs:CVE-2023-39323 CVE-2023-39325 CVE-2023-44487

Affected products

Product	Status	Vendor	Package	Ecosystem
golang	affected	Amazon	golang	—

Upstream advisory

AWS-2023-011

AWS BulletinExploited2023-10-10

CVE-2023-44487 - HTTP/2 Rapid Reset Attack

CVEs:CVE-2023-44487

Upstream advisory

AWS-2023-010

AWS Bulletin2023-10-06

Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10

Upstream advisory

ALAS-2023-1836

ALAS · AL1Medium2023-10-03

ALAS-2023-1836: mutt (medium)

CVEs:CVE-2023-4874 CVE-2023-4875

Affected products

Product	Status	Vendor	Package	Ecosystem
mutt	affected	Amazon	mutt	—

Upstream advisory

ALAS-2023-1837

ALAS · AL1Important2023-10-03

ALAS-2023-1837: vim (important)

CVEs:CVE-2023-4733 CVE-2023-4750 CVE-2023-4752

Affected products

Product	Status	Vendor	Package	Ecosystem
vim	affected	Amazon	vim	—

Upstream advisory

ALAS-2023-1838

ALAS · AL1Important2023-10-03

ALAS-2023-1838: kernel (important)

CVEs:CVE-2023-3772 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-4207 CVE-2023-4244 CVE-2023-42753 CVE-2023-42755 CVE-2023-45871 CVE-2023-4622 CVE-2023-4623 CVE-2023-4921

Affected products

Product	Status	Vendor	Package	Ecosystem
kernel	affected	Amazon	kernel	—

Upstream advisory

ALAS-2023-1839

ALAS · AL1Medium2023-10-03

ALAS-2023-1839: libtiff (medium)

CVEs:CVE-2023-41175

Affected products

Product	Status	Vendor	Package	Ecosystem
libtiff	affected	Amazon	libtiff	—

Upstream advisory

ALAS-2023-1840

ALAS · AL1Important2023-10-03

ALAS-2023-1840: axis (important)

CVEs:CVE-2023-40743

Affected products

Product	Status	Vendor	Package	Ecosystem
axis	affected	Amazon	axis	—

Upstream advisory

ALAS-2023-1841

ALAS · AL1Medium2023-10-03

ALAS-2023-1841: libxml2 (medium)

CVEs:CVE-2023-39615

Affected products

Product	Status	Vendor	Package	Ecosystem
libxml2	affected	Amazon	libxml2	—

Upstream advisory

ALAS-2023-1842

ALAS · AL1Important2023-10-03

ALAS-2023-1842: cacti (important)

CVEs:CVE-2023-39357

Affected products

Product	Status	Vendor	Package	Ecosystem
cacti	affected	Amazon	cacti	—

Upstream advisory

ALAS-2023-1843

ALAS · AL1Medium2023-10-03

ALAS-2023-1843: openssl (medium)

CVEs:CVE-2023-3446 CVE-2023-3817

Affected products

Product	Status	Vendor	Package	Ecosystem
openssl	affected	Amazon	openssl	—

Upstream advisory

ALAS-2023-1844

ALAS · AL1Medium2023-10-03

ALAS-2023-1844: ImageMagick (medium)

CVEs:CVE-2023-34151

Affected products

Product	Status	Vendor	Package	Ecosystem
ImageMagick	affected	Amazon	ImageMagick	—

Upstream advisory

ALAS-2023-1845

ALAS · AL1Important2023-10-03

ALAS-2023-1845: bind (important)

CVEs:CVE-2023-3341

Affected products

Product	Status	Vendor	Package	Ecosystem
bind	affected	Amazon	bind	—

Upstream advisory

ALAS-2023-1846

ALAS · AL1Medium2023-10-03

ALAS-2023-1846: libtiff (medium)

CVEs:CVE-2023-3316

Affected products

Product	Status	Vendor	Package	Ecosystem
libtiff	affected	Amazon	libtiff	—

Upstream advisory

ALAS-2023-1847

ALAS · AL1Medium2023-10-03

ALAS-2023-1847: libtiff (medium)

CVEs:CVE-2023-30774

Affected products

Product	Status	Vendor	Package	Ecosystem
libtiff	affected	Amazon	libtiff	—

Upstream advisory

ALAS-2023-1848

ALAS · AL1Important2023-10-03

ALAS-2023-1848: golang (important)

CVEs:CVE-2022-41717 CVE-2022-41722 CVE-2022-41724 CVE-2022-41725 CVE-2023-24532 CVE-2023-24537 CVE-2023-24538 CVE-2023-24540 CVE-2023-29400 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 CVE-2023-29406 CVE-2023-29409 CVE-2023-39319

Affected products

Product	Status	Vendor	Package	Ecosystem
golang	affected	Amazon	golang	—

Upstream advisory

ALAS-2023-1849

ALAS · AL1Important2023-10-03

ALAS-2023-1849: containerd (important)

CVEs:CVE-2022-41723 CVE-2023-29406 CVE-2023-29409

Affected products

Product	Status	Vendor	Package	Ecosystem
containerd	affected	Amazon	containerd	—

Upstream advisory

ALAS-2023-1850

ALAS · AL1Medium2023-10-03

ALAS-2023-1850: poppler (medium)

CVEs:CVE-2020-36023 CVE-2020-36024 CVE-2022-38349

Affected products

Product	Status	Vendor	Package	Ecosystem
poppler	affected	Amazon	poppler	—

Upstream advisory

ALAS-2023-1851

ALAS · AL1Medium2023-10-03

ALAS-2023-1851: gsl (medium)

CVEs:CVE-2020-35357

Affected products

Product	Status	Vendor	Package	Ecosystem
gsl	affected	Amazon	gsl	—

Upstream advisory

ALAS-2023-1852

ALAS · AL1Medium2023-10-03

ALAS-2023-1852: poppler (medium)

CVEs:CVE-2020-23804

Affected products

Product	Status	Vendor	Package	Ecosystem
poppler	affected	Amazon	poppler	—

Upstream advisory

ALAS-2023-1853

ALAS · AL1Medium2023-10-03

ALAS-2023-1853: ghostscript (medium)

CVEs:CVE-2020-21710

Affected products

Product	Status	Vendor	Package	Ecosystem
ghostscript	affected	Amazon	ghostscript	—

Upstream advisory

ALAS-2023-1854

ALAS · AL1Medium2023-10-03

ALAS-2023-1854: ghostscript (medium)

CVEs:CVE-2020-16305

Affected products

Product	Status	Vendor	Package	Ecosystem
ghostscript	affected	Amazon	ghostscript	—

Upstream advisory

ALAS-2023-1855

ALAS · AL1Medium2023-10-03

ALAS-2023-1855: libtiff (medium)

CVEs:CVE-2016-5321

Affected products

Product	Status	Vendor	Package	Ecosystem
libtiff	affected	Amazon	libtiff	—

Upstream advisory

AWS-2023-009

AWS BulletinExploited2023-10-02

Reported TorchServe Issue (CVE-2023-43654)

CVEs:CVE-2022-1471 CVE-2023-43654

Upstream advisory

Advisories

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Affected products

Need live exploit intelligence?