Amazon Linux 2023 Security Advisory: ALAS2023-2023-188
Advisory Released Date: 2023-06-07
Advisory Updated Date: 2023-06-07
Severity:
Medium
Issue Overview:
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. (CVE-2023-2004)
Affected Packages:
freetype
Issue Correction:
Run dnf update freetype --releasever 2023.0.20230607 or dnf update --advisory ALAS2023-2023-188 --releasever 2023.0.20230607 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
freetype-debuginfo-2.13.0-2.amzn2023.0.1.aarch64
freetype-2.13.0-2.amzn2023.0.1.aarch64
freetype-demos-debuginfo-2.13.0-2.amzn2023.0.1.aarch64
freetype-demos-2.13.0-2.amzn2023.0.1.aarch64
freetype-devel-2.13.0-2.amzn2023.0.1.aarch64
freetype-debugsource-2.13.0-2.amzn2023.0.1.aarch64
src:
freetype-2.13.0-2.amzn2023.0.1.src
x86_64:
freetype-debuginfo-2.13.0-2.amzn2023.0.1.x86_64
freetype-demos-2.13.0-2.amzn2023.0.1.x86_64
freetype-devel-2.13.0-2.amzn2023.0.1.x86_64
freetype-2.13.0-2.amzn2023.0.1.x86_64
freetype-demos-debuginfo-2.13.0-2.amzn2023.0.1.x86_64
freetype-debugsource-2.13.0-2.amzn2023.0.1.x86_64
Changelog:
2025-09-09: CVE-2022-27405 was removed from this advisory.
2025-09-09: CVE-2022-27406 was removed from this advisory.