Amazon Linux 2023 Security Advisory: ALAS-2023-036
Advisory Release Date: 2023-02-17 20:44 Pacific
Advisory Updated Date: 2023-02-22 23:52 Pacific
Severity:
Medium
Issue Overview:
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). (CVE-2021-45931)
Affected Packages:
harfbuzz
Issue Correction:
Run dnf update harfbuzz --releasever=2023.0.20230222 to update your system.
New Packages:
aarch64:
harfbuzz-icu-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-debuginfo-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-debugsource-2.9.1-1.amzn2023.0.3.aarch64
harfbuzz-devel-2.9.1-1.amzn2023.0.3.aarch64
src:
harfbuzz-2.9.1-1.amzn2023.0.3.src
x86_64:
harfbuzz-debuginfo-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-debugsource-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-icu-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-2.9.1-1.amzn2023.0.3.x86_64
harfbuzz-devel-2.9.1-1.amzn2023.0.3.x86_64