ALAS2023-2023-144

Amazon Linux 2023 Security Advisory: ALAS-2023-144
Advisory Release Date: 2023-03-20 18:27 Pacific
Advisory Updated Date: 2023-03-22 23:18 Pacific

Severity: Low

References: CVE-2022-32323
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. (CVE-2022-32323)

Affected Packages:

autotrace

Issue Correction:
Run dnf update --releasever=2023.0.20230322 autotrace to update your system.

New Packages:

aarch64:
    autotrace-devel-0.31.9-86.amzn2023.0.1.aarch64
    autotrace-debuginfo-0.31.9-86.amzn2023.0.1.aarch64
    autotrace-0.31.9-86.amzn2023.0.1.aarch64
    autotrace-debugsource-0.31.9-86.amzn2023.0.1.aarch64

src:
    autotrace-0.31.9-86.amzn2023.0.1.src

x86_64:
    autotrace-debuginfo-0.31.9-86.amzn2023.0.1.x86_64
    autotrace-devel-0.31.9-86.amzn2023.0.1.x86_64
    autotrace-debugsource-0.31.9-86.amzn2023.0.1.x86_64
    autotrace-0.31.9-86.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2022-32323

Mitre: CVE-2022-32323

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-144

Additional References