ALAS2023-2025-1311


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1311
Advisory Released Date: 2025-12-08
Advisory Updated Date: 2025-12-08
Severity: Important

Issue Overview:

A heap-based buffer overflow was found in GLib, caused by an incorrect buffer-size calculation in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which need escaping), the calculation of the escaped string's length can overflow, potentially leading to a write past the end of the newly allocated string. (CVE-2025-13601)
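The bug class described above, as an added illustration (not GLib's code and not part of the advisory): an escaped-length calculation that wraps when held in a narrow integer, next to a checked version and an escaper that uses it. The function names, the RFC 3986 unreserved-character policy and the 32-bit width of the narrow value are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy: RFC 3986 unreserved characters are copied, all others become %XX. */
bool is_acceptable(unsigned char c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
}

/* Unsafe pattern: the size len + 2*bad + 1 kept in an (assumed) 32-bit value wraps. */
uint32_t escaped_size_narrow(uint64_t len, uint64_t bad) {
    return (uint32_t)(len + bad * 2 + 1);
}

/* Hardened pattern: refuse when the true size does not fit in size_t. */
bool escaped_size_checked(size_t len, size_t bad, size_t *out) {
    if (len > SIZE_MAX - 1 || bad > (SIZE_MAX - 1 - len) / 2) return false;
    *out = len + bad * 2 + 1;
    return true;
}

/* Returns a malloc'd escaped copy, or NULL on size overflow or allocation failure. */
char *escape_checked(const char *s) {
    static const char hex[] = "0123456789ABCDEF";
    size_t len = strlen(s), bad = 0, size;
    for (size_t i = 0; i < len; i++)
        if (!is_acceptable((unsigned char)s[i])) bad++;
    if (!escaped_size_checked(len, bad, &size)) return NULL;
    char *out = malloc(size), *q = out;
    if (out == NULL) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (is_acceptable(c)) { *q++ = (char)c; continue; }
        *q++ = '%'; *q++ = hex[c >> 4]; *q++ = hex[c & 15];
    }
    *q = '\0';
    return out;
}

int main(void) {
    char *e = escape_checked("a b/c");   /* constructed sample input */
    printf("%s\n", e ? e : "(null)");
    free(e);
    /* Constructed lengths: true size exceeds 2^32, narrow value is tiny. */
    printf("%u\n", (unsigned)escaped_size_narrow(1431655766ULL, 1431655766ULL));
    return 0;
}
```

The checked variant fails closed: a caller gets NULL instead of an undersized buffer when the size arithmetic cannot be represented.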


Affected Packages:

glib2


Issue Correction:
Run dnf update glib2 --releasever 2023.9.20251208 or dnf update --advisory ALAS2023-2025-1311 --releasever 2023.9.20251208 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    glib2-static-2.82.2-767.amzn2023.aarch64
    glib2-devel-debuginfo-2.82.2-767.amzn2023.aarch64
    glib2-debuginfo-2.82.2-767.amzn2023.aarch64
    glib2-2.82.2-767.amzn2023.aarch64
    glib2-devel-2.82.2-767.amzn2023.aarch64
    glib2-debugsource-2.82.2-767.amzn2023.aarch64
    glib2-tests-2.82.2-767.amzn2023.aarch64
    glib2-tests-debuginfo-2.82.2-767.amzn2023.aarch64
    glib2-doc-2.82.2-767.amzn2023.aarch64

src:
    glib2-2.82.2-767.amzn2023.src

x86_64:
    glib2-devel-debuginfo-2.82.2-767.amzn2023.x86_64
    glib2-static-2.82.2-767.amzn2023.x86_64
    glib2-debuginfo-2.82.2-767.amzn2023.x86_64
    glib2-debugsource-2.82.2-767.amzn2023.x86_64
    glib2-2.82.2-767.amzn2023.x86_64
    glib2-devel-2.82.2-767.amzn2023.x86_64
    glib2-tests-debuginfo-2.82.2-767.amzn2023.x86_64
    glib2-tests-2.82.2-767.amzn2023.x86_64
    glib2-doc-2.82.2-767.amzn2023.x86_64