Amazon Linux 2 Security Advisory: ALAS2-2025-3074
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-10
Severity:
Medium
Issue Overview:
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. (CVE-2025-11277)
Affected Packages:
qt5-qt3d
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update qt5-qt3d or yum update --advisory ALAS2-2025-3074 to update your system.
New Packages:
aarch64:
qt5-qt3d-5.15.3-1.amzn2.0.7.aarch64
qt5-qt3d-devel-5.15.3-1.amzn2.0.7.aarch64
qt5-qt3d-examples-5.15.3-1.amzn2.0.7.aarch64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.7.aarch64
i686:
qt5-qt3d-5.15.3-1.amzn2.0.7.i686
qt5-qt3d-devel-5.15.3-1.amzn2.0.7.i686
qt5-qt3d-examples-5.15.3-1.amzn2.0.7.i686
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.7.i686
src:
qt5-qt3d-5.15.3-1.amzn2.0.7.src
x86_64:
qt5-qt3d-5.15.3-1.amzn2.0.7.x86_64
qt5-qt3d-devel-5.15.3-1.amzn2.0.7.x86_64
qt5-qt3d-examples-5.15.3-1.amzn2.0.7.x86_64
qt5-qt3d-debuginfo-5.15.3-1.amzn2.0.7.x86_64