Amazon Linux 2 Security Advisory: ALAS-2023-2013
Advisory Release Date: 2023-04-13 19:28 Pacific
Advisory Updated Date: 2023-04-20 18:23 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. (CVE-2023-26767)
Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. (CVE-2023-26768)
Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. (CVE-2023-26769)
Affected Packages:
liblouis
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update liblouis to update your system.
aarch64:
liblouis-2.6.2-21.amzn2.0.2.aarch64
liblouis-devel-2.6.2-21.amzn2.0.2.aarch64
liblouis-utils-2.6.2-21.amzn2.0.2.aarch64
liblouis-debuginfo-2.6.2-21.amzn2.0.2.aarch64
i686:
liblouis-2.6.2-21.amzn2.0.2.i686
liblouis-devel-2.6.2-21.amzn2.0.2.i686
liblouis-utils-2.6.2-21.amzn2.0.2.i686
liblouis-debuginfo-2.6.2-21.amzn2.0.2.i686
noarch:
python2-louis-2.6.2-21.amzn2.0.2.noarch
python3-louis-2.6.2-21.amzn2.0.2.noarch
liblouis-doc-2.6.2-21.amzn2.0.2.noarch
src:
liblouis-2.6.2-21.amzn2.0.2.src
x86_64:
liblouis-2.6.2-21.amzn2.0.2.x86_64
liblouis-devel-2.6.2-21.amzn2.0.2.x86_64
liblouis-utils-2.6.2-21.amzn2.0.2.x86_64
liblouis-debuginfo-2.6.2-21.amzn2.0.2.x86_64