Amazon Linux 2023: CVE-2024-4741: Medium priority package update for openssl

Amazon Linux 2023: CVE-2024-4741: Medium priority package update for openssl

Severity

5

CVSS

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Published

05/28/2024

Created

02/14/2025

Added

02/14/2025

Modified

02/14/2025

Description

A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.

Solution(s)

• amazon-linux-2023-upgrade-openssl
• amazon-linux-2023-upgrade-openssl-debuginfo
• amazon-linux-2023-upgrade-openssl-debugsource
• amazon-linux-2023-upgrade-openssl-devel
• amazon-linux-2023-upgrade-openssl-libs
• amazon-linux-2023-upgrade-openssl-libs-debuginfo
• amazon-linux-2023-upgrade-openssl-perl
• amazon-linux-2023-upgrade-openssl-snapsafe-libs
• amazon-linux-2023-upgrade-openssl-snapsafe-libs-debuginfo

References

• https://attackerkb.com/topics/cve-2024-4741
• CVE - 2024-4741
• https://alas.aws.amazon.com/AL2023/ALAS-2024-677.html