ALAS2-2020-1460

Amazon Linux 2 Security Advisory: ALAS-2020-1460
Advisory Release Date: 2020-07-14 02:47 Pacific
Advisory Updated Date: 2020-07-17 00:43 Pacific
Severity: Low
Issue Overview:

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439)


Affected Packages:

taglib


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update taglib to update your system.

New Packages:
aarch64:
    taglib-1.8-8.20130218git.amzn2.aarch64
    taglib-devel-1.8-8.20130218git.amzn2.aarch64
    taglib-debuginfo-1.8-8.20130218git.amzn2.aarch64

i686:
    taglib-1.8-8.20130218git.amzn2.i686
    taglib-devel-1.8-8.20130218git.amzn2.i686
    taglib-debuginfo-1.8-8.20130218git.amzn2.i686

noarch:
    taglib-doc-1.8-8.20130218git.amzn2.noarch

src:
    taglib-1.8-8.20130218git.amzn2.src

x86_64:
    taglib-1.8-8.20130218git.amzn2.x86_64
    taglib-devel-1.8-8.20130218git.amzn2.x86_64
    taglib-debuginfo-1.8-8.20130218git.amzn2.x86_64

Additional References

Red Hat: CVE-2018-11439

Mitre: CVE-2018-11439