Amazon Linux 2023 Security Advisory: ALAS-2024-551
Advisory Release Date: 2024-02-29 10:29 Pacific
Advisory Updated Date: 2024-03-05 12:00 Pacific
Severity:
Medium
Issue Overview:
Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. (CVE-2023-5841)
Affected Packages:
openexr
Issue Correction:
Run dnf update openexr --releasever 2023.3.20240304 to update your system.
New Packages:
aarch64:
openexr-libs-debuginfo-3.1.5-1.amzn2023.0.4.aarch64
openexr-debuginfo-3.1.5-1.amzn2023.0.4.aarch64
openexr-3.1.5-1.amzn2023.0.4.aarch64
openexr-devel-3.1.5-1.amzn2023.0.4.aarch64
openexr-libs-3.1.5-1.amzn2023.0.4.aarch64
openexr-debugsource-3.1.5-1.amzn2023.0.4.aarch64
src:
openexr-3.1.5-1.amzn2023.0.4.src
x86_64:
openexr-libs-debuginfo-3.1.5-1.amzn2023.0.4.x86_64
openexr-3.1.5-1.amzn2023.0.4.x86_64
openexr-debuginfo-3.1.5-1.amzn2023.0.4.x86_64
openexr-libs-3.1.5-1.amzn2023.0.4.x86_64
openexr-devel-3.1.5-1.amzn2023.0.4.x86_64
openexr-debugsource-3.1.5-1.amzn2023.0.4.x86_64