Amazon Linux 1 Security Advisory: ALAS-2024-1930
Advisory Release Date: 2024-04-25 16:04 Pacific
Advisory Updated Date: 2024-04-25 16:04 Pacific
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. (CVE-2024-2961)
Affected Packages:
glibc
Issue Correction:
Run yum update glibc to update your system.
i686:
nscd-2.17-324.190.amzn1.i686
glibc-static-2.17-324.190.amzn1.i686
glibc-debuginfo-common-2.17-324.190.amzn1.i686
glibc-headers-2.17-324.190.amzn1.i686
glibc-devel-2.17-324.190.amzn1.i686
glibc-utils-2.17-324.190.amzn1.i686
glibc-debuginfo-2.17-324.190.amzn1.i686
glibc-2.17-324.190.amzn1.i686
glibc-common-2.17-324.190.amzn1.i686
src:
glibc-2.17-324.190.amzn1.src
x86_64:
glibc-utils-2.17-324.190.amzn1.x86_64
glibc-debuginfo-common-2.17-324.190.amzn1.x86_64
glibc-devel-2.17-324.190.amzn1.x86_64
glibc-static-2.17-324.190.amzn1.x86_64
glibc-common-2.17-324.190.amzn1.x86_64
glibc-headers-2.17-324.190.amzn1.x86_64
glibc-debuginfo-2.17-324.190.amzn1.x86_64
glibc-2.17-324.190.amzn1.x86_64
nscd-2.17-324.190.amzn1.x86_64