Amazon Linux 2 Security Advisory: ALASMATE-DESKTOP1.X-2023-002
Advisory Release Date: 2023-09-14 19:02 Pacific
Advisory Updated Date: 2023-09-25 22:09 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32490)
A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32491)
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32492)
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-32493)
A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. (CVE-2021-3500)
Affected Packages:
djvulibre
Note:
This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update djvulibre to update your system.
aarch64:
djvulibre-3.5.27-28.amzn2.0.1.aarch64
djvulibre-libs-3.5.27-28.amzn2.0.1.aarch64
djvulibre-devel-3.5.27-28.amzn2.0.1.aarch64
djvulibre-debuginfo-3.5.27-28.amzn2.0.1.aarch64
src:
djvulibre-3.5.27-28.amzn2.0.1.src
x86_64:
djvulibre-3.5.27-28.amzn2.0.1.x86_64
djvulibre-libs-3.5.27-28.amzn2.0.1.x86_64
djvulibre-devel-3.5.27-28.amzn2.0.1.x86_64
djvulibre-debuginfo-3.5.27-28.amzn2.0.1.x86_64