ALAS2-2020-1518

Amazon Linux 2 Security Advisory: ALAS-2020-1518
Advisory Release Date: 2020-10-22 17:38 Pacific
Advisory Updated Date: 2020-10-22 22:35 Pacific

Severity: Low

References: CVE-2019-16707
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. (CVE-2019-16707)

Affected Packages:

hunspell

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update hunspell to update your system.

New Packages:

aarch64:
    hunspell-1.3.2-16.amzn2.aarch64
    hunspell-devel-1.3.2-16.amzn2.aarch64
    hunspell-debuginfo-1.3.2-16.amzn2.aarch64

i686:
    hunspell-1.3.2-16.amzn2.i686
    hunspell-devel-1.3.2-16.amzn2.i686
    hunspell-debuginfo-1.3.2-16.amzn2.i686

src:
    hunspell-1.3.2-16.amzn2.src

x86_64:
    hunspell-1.3.2-16.amzn2.x86_64
    hunspell-devel-1.3.2-16.amzn2.x86_64
    hunspell-debuginfo-1.3.2-16.amzn2.x86_64

Additional References

Red Hat: CVE-2019-16707

Mitre: CVE-2019-16707