Amazon Linux 2023: CVE-2022-29526: Important priority package update for golist (Multiple Advisories)
Description
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
Solution(s)
- amazon-linux-2023-upgrade-compat-golang-github-cpuguy83-md2man-2-devel
- amazon-linux-2023-upgrade-golang
- amazon-linux-2023-upgrade-golang-bin
- amazon-linux-2023-upgrade-golang-docs
- amazon-linux-2023-upgrade-golang-github-cpuguy83-md2man
- amazon-linux-2023-upgrade-golang-github-cpuguy83-md2man-debuginfo
- amazon-linux-2023-upgrade-golang-github-cpuguy83-md2man-debugsource
- amazon-linux-2023-upgrade-golang-github-cpuguy83-md2man-devel
- amazon-linux-2023-upgrade-golang-misc
- amazon-linux-2023-upgrade-golang-race
- amazon-linux-2023-upgrade-golang-shared
- amazon-linux-2023-upgrade-golang-src
- amazon-linux-2023-upgrade-golang-tests
- amazon-linux-2023-upgrade-golist
- amazon-linux-2023-upgrade-golist-debuginfo
- amazon-linux-2023-upgrade-golist-debugsource
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center