Amazon Linux 2 Security Advisory: ALASR4-2023-001
Advisory Release Date: 2023-08-07 05:24 Pacific
Advisory Updated Date: 2023-09-25 22:04 Pacific
Severity:
Medium
Issue Overview:
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. (CVE-2021-4048)
Affected Packages:
openblas
Note:
This advisory is applicable to Amazon Linux 2 - R4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update openblas to update your system.
New Packages:
aarch64:
openblas-0.3.9-1.amzn2.0.2.aarch64
openblas-Rblas-0.3.9-1.amzn2.0.2.aarch64
openblas-serial-0.3.9-1.amzn2.0.2.aarch64
openblas-openmp-0.3.9-1.amzn2.0.2.aarch64
openblas-threads-0.3.9-1.amzn2.0.2.aarch64
openblas-serial64-0.3.9-1.amzn2.0.2.aarch64
openblas-openmp64-0.3.9-1.amzn2.0.2.aarch64
openblas-threads64-0.3.9-1.amzn2.0.2.aarch64
openblas-serial64_-0.3.9-1.amzn2.0.2.aarch64
openblas-openmp64_-0.3.9-1.amzn2.0.2.aarch64
openblas-threads64_-0.3.9-1.amzn2.0.2.aarch64
openblas-devel-0.3.9-1.amzn2.0.2.aarch64
openblas-static-0.3.9-1.amzn2.0.2.aarch64
openblas-debuginfo-0.3.9-1.amzn2.0.2.aarch64
src:
openblas-0.3.9-1.amzn2.0.2.src
x86_64:
openblas-0.3.9-1.amzn2.0.2.x86_64
openblas-Rblas-0.3.9-1.amzn2.0.2.x86_64
openblas-serial-0.3.9-1.amzn2.0.2.x86_64
openblas-openmp-0.3.9-1.amzn2.0.2.x86_64
openblas-threads-0.3.9-1.amzn2.0.2.x86_64
openblas-serial64-0.3.9-1.amzn2.0.2.x86_64
openblas-openmp64-0.3.9-1.amzn2.0.2.x86_64
openblas-threads64-0.3.9-1.amzn2.0.2.x86_64
openblas-serial64_-0.3.9-1.amzn2.0.2.x86_64
openblas-openmp64_-0.3.9-1.amzn2.0.2.x86_64
openblas-threads64_-0.3.9-1.amzn2.0.2.x86_64
openblas-devel-0.3.9-1.amzn2.0.2.x86_64
openblas-static-0.3.9-1.amzn2.0.2.x86_64
openblas-debuginfo-0.3.9-1.amzn2.0.2.x86_64