Amazon Linux 2 Security Advisory: ALAS2-2023-2106
Advisory Released Date: 2023-06-27
Advisory Updated Date: 2023-06-29
Severity:
Medium
Issue Overview:
An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure. (CVE-2021-0561)
Affected Packages:
flac
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update flac to update your system.
New Packages:
aarch64:
flac-1.3.0-5.amzn2.0.4.aarch64
flac-libs-1.3.0-5.amzn2.0.4.aarch64
flac-devel-1.3.0-5.amzn2.0.4.aarch64
flac-debuginfo-1.3.0-5.amzn2.0.4.aarch64
i686:
flac-1.3.0-5.amzn2.0.4.i686
flac-libs-1.3.0-5.amzn2.0.4.i686
flac-devel-1.3.0-5.amzn2.0.4.i686
flac-debuginfo-1.3.0-5.amzn2.0.4.i686
src:
flac-1.3.0-5.amzn2.0.4.src
x86_64:
flac-1.3.0-5.amzn2.0.4.x86_64
flac-libs-1.3.0-5.amzn2.0.4.x86_64
flac-devel-1.3.0-5.amzn2.0.4.x86_64
flac-debuginfo-1.3.0-5.amzn2.0.4.x86_64