ALAS2023-2025-1069

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1069
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10
Severity: Important
Issue Overview:

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. (CVE-2025-3360)

A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. (CVE-2025-6052)


Affected Packages:

glib2


Issue Correction:
Run dnf update glib2 --releasever 2023.8.20250707 to update your system.

New Packages:
aarch64:
    glib2-debuginfo-2.82.2-766.amzn2023.aarch64
    glib2-devel-debuginfo-2.82.2-766.amzn2023.aarch64
    glib2-static-2.82.2-766.amzn2023.aarch64
    glib2-2.82.2-766.amzn2023.aarch64
    glib2-devel-2.82.2-766.amzn2023.aarch64
    glib2-debugsource-2.82.2-766.amzn2023.aarch64
    glib2-tests-2.82.2-766.amzn2023.aarch64
    glib2-tests-debuginfo-2.82.2-766.amzn2023.aarch64
    glib2-doc-2.82.2-766.amzn2023.aarch64

src:
    glib2-2.82.2-766.amzn2023.src

x86_64:
    glib2-static-2.82.2-766.amzn2023.x86_64
    glib2-debuginfo-2.82.2-766.amzn2023.x86_64
    glib2-devel-debuginfo-2.82.2-766.amzn2023.x86_64
    glib2-2.82.2-766.amzn2023.x86_64
    glib2-debugsource-2.82.2-766.amzn2023.x86_64
    glib2-devel-2.82.2-766.amzn2023.x86_64
    glib2-tests-debuginfo-2.82.2-766.amzn2023.x86_64
    glib2-tests-2.82.2-766.amzn2023.x86_64
    glib2-doc-2.82.2-766.amzn2023.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-3360, CVE-2025-6052

Mitre: CVE-2025-3360, CVE-2025-6052