ALAS2023-2023-157

Amazon Linux 2023 Security Advisory: ALAS-2023-157
Advisory Release Date: 2023-03-30 21:11 Pacific
Advisory Updated Date: 2023-04-04 21:33 Pacific

Severity: Medium

References: CVE-2021-33454 CVE-2021-33459
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. (CVE-2021-33454)

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. (CVE-2021-33459)

Affected Packages:

yasm

Issue Correction:
Run dnf update yasm --releasever=2023.0.20230329 to update your system.

New Packages:

aarch64:
    yasm-debuginfo-1.3.0-13.amzn2023.0.3.aarch64
    yasm-1.3.0-13.amzn2023.0.3.aarch64
    yasm-devel-1.3.0-13.amzn2023.0.3.aarch64
    yasm-debugsource-1.3.0-13.amzn2023.0.3.aarch64

src:
    yasm-1.3.0-13.amzn2023.0.3.src

x86_64:
    yasm-debuginfo-1.3.0-13.amzn2023.0.3.x86_64
    yasm-devel-1.3.0-13.amzn2023.0.3.x86_64
    yasm-1.3.0-13.amzn2023.0.3.x86_64
    yasm-debugsource-1.3.0-13.amzn2023.0.3.x86_64

Additional References

Red Hat: CVE-2021-33454, CVE-2021-33459

Mitre: CVE-2021-33454, CVE-2021-33459

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-157

Additional References