Amazon Linux 2 Security Advisory: ALAS-2024-2471
Advisory Release Date: 2024-02-15 03:52 Pacific
Advisory Updated Date: 2024-02-19 17:36 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. (CVE-2018-11577)
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. (CVE-2018-11684)
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. (CVE-2018-11685)
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. (CVE-2018-12085)
Affected Packages:
liblouis
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update liblouis to update your system.
aarch64:
liblouis-2.6.2-21.amzn2.0.1.aarch64
liblouis-devel-2.6.2-21.amzn2.0.1.aarch64
liblouis-utils-2.6.2-21.amzn2.0.1.aarch64
liblouis-debuginfo-2.6.2-21.amzn2.0.1.aarch64
i686:
liblouis-2.6.2-21.amzn2.0.1.i686
liblouis-devel-2.6.2-21.amzn2.0.1.i686
liblouis-utils-2.6.2-21.amzn2.0.1.i686
liblouis-debuginfo-2.6.2-21.amzn2.0.1.i686
noarch:
python2-louis-2.6.2-21.amzn2.0.1.noarch
python3-louis-2.6.2-21.amzn2.0.1.noarch
liblouis-doc-2.6.2-21.amzn2.0.1.noarch
src:
liblouis-2.6.2-21.amzn2.0.1.src
x86_64:
liblouis-2.6.2-21.amzn2.0.1.x86_64
liblouis-devel-2.6.2-21.amzn2.0.1.x86_64
liblouis-utils-2.6.2-21.amzn2.0.1.x86_64
liblouis-debuginfo-2.6.2-21.amzn2.0.1.x86_64