ALAS-2023-341

Amazon Linux 2023 Security Advisory: ALAS-2023-341
Advisory Release Date: 2023-08-31 21:48 Pacific
Advisory Updated Date: 2023-09-07 21:19 Pacific
Severity: Medium
Issue Overview:

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. (CVE-2021-46829)


Affected Packages:

gdk-pixbuf2


Issue Correction:
Run dnf update gdk-pixbuf2 --releasever 2023.1.20230906 to update your system.

New Packages:
aarch64:
    gdk-pixbuf2-debugsource-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-debuginfo-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-modules-debuginfo-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-devel-debuginfo-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-devel-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-modules-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-tests-debuginfo-2.42.6-1.amzn2023.0.3.aarch64
    gdk-pixbuf2-tests-2.42.6-1.amzn2023.0.3.aarch64

src:
    gdk-pixbuf2-2.42.6-1.amzn2023.0.3.src

x86_64:
    gdk-pixbuf2-devel-debuginfo-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-debugsource-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-debuginfo-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-tests-debuginfo-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-devel-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-modules-debuginfo-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-modules-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-2.42.6-1.amzn2023.0.3.x86_64
    gdk-pixbuf2-tests-2.42.6-1.amzn2023.0.3.x86_64

Additional References

Red Hat: CVE-2021-46829

Mitre: CVE-2021-46829