Amazon Linux 2023 Security Advisory: ALAS2023-2023-352
Advisory Released Date: 2023-09-20
Advisory Updated Date: 2025-09-09
Severity:
Medium
Issue Overview:
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. (CVE-2021-44648)
Affected Packages:
gdk-pixbuf2
Issue Correction:
Run dnf update gdk-pixbuf2 --releasever 2023.2.20230920 or dnf update --advisory ALAS2023-2023-352 --releasever 2023.2.20230920 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
gdk-pixbuf2-modules-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-tests-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-devel-debuginfo-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-debugsource-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-modules-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-devel-2.42.10-1.amzn2023.0.1.aarch64
gdk-pixbuf2-tests-2.42.10-1.amzn2023.0.1.aarch64
src:
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.src
x86_64:
gdk-pixbuf2-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-devel-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-modules-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-modules-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-debugsource-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-devel-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-tests-debuginfo-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-2.42.10-1.amzn2023.0.1.x86_64
gdk-pixbuf2-tests-2.42.10-1.amzn2023.0.1.x86_64
Changelog:
2025-09-09: CVE-2021-46829 was removed from this advisory.