Amazon Linux 2 Security Advisory: ALAS-2023-2283
Advisory Release Date: 2023-09-27 22:49 Pacific
Advisory Updated Date: 2023-10-05 22:20 Pacific
Severity:
Medium
Issue Overview:
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. (CVE-2020-22219)
Affected Packages:
flac
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update flac to update your system.
New Packages:
aarch64:
flac-1.3.0-5.amzn2.0.5.aarch64
flac-libs-1.3.0-5.amzn2.0.5.aarch64
flac-devel-1.3.0-5.amzn2.0.5.aarch64
flac-debuginfo-1.3.0-5.amzn2.0.5.aarch64
i686:
flac-1.3.0-5.amzn2.0.5.i686
flac-libs-1.3.0-5.amzn2.0.5.i686
flac-devel-1.3.0-5.amzn2.0.5.i686
flac-debuginfo-1.3.0-5.amzn2.0.5.i686
src:
flac-1.3.0-5.amzn2.0.5.src
x86_64:
flac-1.3.0-5.amzn2.0.5.x86_64
flac-libs-1.3.0-5.amzn2.0.5.x86_64
flac-devel-1.3.0-5.amzn2.0.5.x86_64
flac-debuginfo-1.3.0-5.amzn2.0.5.x86_64