Amazon Linux 2023 Security Advisory: ALAS-2023-352
Advisory Release Date: 2023-09-14 00:55 Pacific
Advisory Updated Date: 2023-09-20 21:35 Pacific
Severity:
Medium
Issue Overview:
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. (CVE-2021-44648)
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. (CVE-2021-46829)
Affected Packages:
gdk-pixbuf2
Issue Correction:
Run dnf update gdk-pixbuf2 --releasever 2023.2.20230920 to update your system.
New Packages:
aarch64:
gdk-pixbuf2-modules-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-tests-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-devel-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-debugsource-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-modules-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-devel-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-tests-2.42.10-1.amzn2023.0.1.aarch64
src:
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.src
x86_64:
gdk-pixbuf2-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-devel-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-modules-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-modules-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-debugsource-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-devel-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-tests-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-tests-2.42.10-1.amzn2023.0.1.x86_64