Amazon Linux 2022 Security Advisory: ALAS-2022-033
Advisory Release Date: 2022-03-02 17:08 Pacific
Advisory Updated Date: 2022-03-02 21:06 Pacific
A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file. (CVE-2020-15999)
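The size mismatch described above, as an added example (not FreeType's code and not part of the advisory): a buffer sized from truncated dimensions, next to a check that rejects the header first. The 16-bit metric fields, the 4 bytes per pixel, and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical glyph-bitmap record: dimensions live in 16-bit fields
   (assumed for this example), while a PNG header carries 32-bit ones. */
typedef struct { uint16_t width; uint16_t rows; } bitmap_metrics;

#define BYTES_PER_PIXEL 4u  /* assumed 32-bit colour output */

/* Flawed pattern: header values are silently truncated and the truncated
   values size the allocation. Returns the bytes that would be allocated. */
size_t alloc_size_truncating(uint32_t png_w, uint32_t png_h)
{
    bitmap_metrics m;
    m.width = (uint16_t)png_w;   /* high bits dropped */
    m.rows  = (uint16_t)png_h;
    return (size_t)m.width * m.rows * BYTES_PER_PIXEL;
}

/* Bytes the image decoder writes: it works from the untruncated header. */
uint64_t decoded_size(uint32_t png_w, uint32_t png_h)
{
    return (uint64_t)png_w * png_h * BYTES_PER_PIXEL;
}

/* Hardened pattern: refuse any header that does not fit the metric fields
   before anything is allocated. Returns 0 and sets *out, or -1 on reject. */
int alloc_size_checked(uint32_t png_w, uint32_t png_h, size_t *out)
{
    if (png_w == 0 || png_h == 0 || png_w > UINT16_MAX || png_h > UINT16_MAX)
        return -1;
    uint64_t need = decoded_size(png_w, png_h);
    if (need > SIZE_MAX)
        return -1;
    *out = (size_t)need;
    return 0;
}

int main(void)
{
    uint32_t w = 0x10010u, h = 8u;   /* constructed header values */
    size_t n = 0;
    printf("allocated: %zu bytes\n", alloc_size_truncating(w, h));
    printf("written:   %llu bytes\n", (unsigned long long)decoded_size(w, h));
    printf("checked:   %s\n", alloc_size_checked(w, h, &n) ? "rejected" : "ok");
    return 0;
}
```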
Affected Packages:
freetype
Issue Correction:
Run dnf update --releasever=2022.0.20220302 freetype to update your system.
aarch64:
freetype-debuginfo-2.11.0-3.amzn2022.aarch64
freetype-2.11.0-3.amzn2022.aarch64
freetype-demos-debuginfo-2.11.0-3.amzn2022.aarch64
freetype-demos-2.11.0-3.amzn2022.aarch64
freetype-devel-2.11.0-3.amzn2022.aarch64
freetype-debugsource-2.11.0-3.amzn2022.aarch64
src:
freetype-2.11.0-3.amzn2022.src
x86_64:
freetype-debuginfo-2.11.0-3.amzn2022.x86_64
freetype-demos-2.11.0-3.amzn2022.x86_64
freetype-devel-2.11.0-3.amzn2022.x86_64
freetype-2.11.0-3.amzn2022.x86_64
freetype-demos-debuginfo-2.11.0-3.amzn2022.x86_64
freetype-debugsource-2.11.0-3.amzn2022.x86_64