Amazon Linux 2023 Security Advisory: ALAS-2023-204
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 20:09 Pacific
Severity:
Important
Issue Overview:
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). (CVE-2021-33641)
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. (CVE-2021-33642)
Affected Packages:
byacc
Issue Correction:
Run dnf update byacc --releasever 2023.0.20230607 to update your system.
New Packages:
aarch64:
byacc-2.0.20210109-2.amzn2023.0.3.aarch64
byacc-debugsource-2.0.20210109-2.amzn2023.0.3.aarch64
byacc-debuginfo-2.0.20210109-2.amzn2023.0.3.aarch64
src:
byacc-2.0.20210109-2.amzn2023.0.3.src
x86_64:
byacc-2.0.20210109-2.amzn2023.0.3.x86_64
byacc-debugsource-2.0.20210109-2.amzn2023.0.3.x86_64
byacc-debuginfo-2.0.20210109-2.amzn2023.0.3.x86_64