ALAS2-2021-1713


Amazon Linux 2 Security Advisory: ALAS-2021-1713
Advisory Release Date: 2021-10-04 20:17 Pacific
Advisory Updated Date: 2021-10-06 20:25 Pacific
Severity: Important
References: CVE-2021-3246 

Issue Overview:

A heap buffer overflow flaw was found in libsndfile. This flaw allows an attacker to execute arbitrary code via a crafted WAV file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3246)


Affected Packages:

libsndfile


Issue Correction:
Run yum update libsndfile to update your system.

New Packages:
aarch64:
    libsndfile-1.0.25-12.amzn2.1.aarch64
    libsndfile-devel-1.0.25-12.amzn2.1.aarch64
    libsndfile-utils-1.0.25-12.amzn2.1.aarch64
    libsndfile-debuginfo-1.0.25-12.amzn2.1.aarch64

i686:
    libsndfile-1.0.25-12.amzn2.1.i686
    libsndfile-devel-1.0.25-12.amzn2.1.i686
    libsndfile-utils-1.0.25-12.amzn2.1.i686
    libsndfile-debuginfo-1.0.25-12.amzn2.1.i686

src:
    libsndfile-1.0.25-12.amzn2.1.src

x86_64:
    libsndfile-1.0.25-12.amzn2.1.x86_64
    libsndfile-devel-1.0.25-12.amzn2.1.x86_64
    libsndfile-utils-1.0.25-12.amzn2.1.x86_64
    libsndfile-debuginfo-1.0.25-12.amzn2.1.x86_64