Amazon Linux 2023 Security Advisory: ALAS-2023-008
Advisory Release Date: 2023-02-17 20:42 Pacific
Advisory Updated Date: 2023-02-23 00:00 Pacific
Severity:
Medium
Issue Overview:
An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure. (CVE-2021-0561)
Affected Packages:
flac
Issue Correction:
Run dnf update flac --releasever=2023.0.20230222 to update your system.
New Packages:
aarch64:
flac-debuginfo-1.3.4-1.amzn2023.0.2.aarch64
flac-libs-debuginfo-1.3.4-1.amzn2023.0.2.aarch64
flac-libs-1.3.4-1.amzn2023.0.2.aarch64
flac-1.3.4-1.amzn2023.0.2.aarch64
flac-debugsource-1.3.4-1.amzn2023.0.2.aarch64
flac-devel-1.3.4-1.amzn2023.0.2.aarch64
src:
flac-1.3.4-1.amzn2023.0.2.src
x86_64:
flac-debuginfo-1.3.4-1.amzn2023.0.2.x86_64
flac-1.3.4-1.amzn2023.0.2.x86_64
flac-libs-debuginfo-1.3.4-1.amzn2023.0.2.x86_64
flac-libs-1.3.4-1.amzn2023.0.2.x86_64
flac-debugsource-1.3.4-1.amzn2023.0.2.x86_64
flac-devel-1.3.4-1.amzn2023.0.2.x86_64