Amazon Linux 2023 Security Advisory: ALAS-2023-188
Advisory Release Date: 2023-05-25 17:41 Pacific
Advisory Updated Date: 2023-06-07 20:08 Pacific
Severity:
Medium
References:
CVE-2022-27405
CVE-2022-27406
CVE-2023-2004
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27405)
A segmentation fault was found in FreeType's FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27406)
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. (CVE-2023-2004)
Affected Packages:
freetype
Issue Correction:
Run dnf update freetype --releasever 2023.0.20230607 to update your system.
New Packages:
aarch64:
freetype-debuginfo-2.13.0-2.amzn2023.0.1.aarch64
freetype-2.13.0-2.amzn2023.0.1.aarch64
freetype-demos-debuginfo-2.13.0-2.amzn2023.0.1.aarch64
freetype-demos-2.13.0-2.amzn2023.0.1.aarch64
freetype-devel-2.13.0-2.amzn2023.0.1.aarch64
freetype-debugsource-2.13.0-2.amzn2023.0.1.aarch64
src:
freetype-2.13.0-2.amzn2023.0.1.src
x86_64:
freetype-debuginfo-2.13.0-2.amzn2023.0.1.x86_64
freetype-demos-2.13.0-2.amzn2023.0.1.x86_64
freetype-devel-2.13.0-2.amzn2023.0.1.x86_64
freetype-2.13.0-2.amzn2023.0.1.x86_64
freetype-demos-debuginfo-2.13.0-2.amzn2023.0.1.x86_64
freetype-debugsource-2.13.0-2.amzn2023.0.1.x86_64