Amazon Linux 2023 Security Advisory: ALAS2023-2025-992
Advisory Released Date: 2025-06-02
Advisory Updated Date: 2025-06-02
Severity:
Low
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for glib::VariantStrIter, where passing an immutable reference to a function that mutates the data behind the pointer violates Rust's invariants.
Affected Packages:
librsvg2
Issue Correction:
Run dnf update librsvg2 --releasever 2023.7.20250527 to update. your system.
New Packages:
aarch64:
librsvg2-debuginfo-2.59.2-317.amzn2023.aarch64
rsvg-pixbuf-loader-debuginfo-2.59.2-317.amzn2023.aarch64
librsvg2-tools-debuginfo-2.59.2-317.amzn2023.aarch64
rsvg-pixbuf-loader-2.59.2-317.amzn2023.aarch64
librsvg2-tools-2.59.2-317.amzn2023.aarch64
librsvg2-devel-2.59.2-317.amzn2023.aarch64
librsvg2-2.59.2-317.amzn2023.aarch64
librsvg2-debugsource-2.59.2-317.amzn2023.aarch64
src:
librsvg2-2.59.2-317.amzn2023.src
x86_64:
librsvg2-debuginfo-2.59.2-317.amzn2023.x86_64
rsvg-pixbuf-loader-debuginfo-2.59.2-317.amzn2023.x86_64
librsvg2-tools-debuginfo-2.59.2-317.amzn2023.x86_64
librsvg2-devel-2.59.2-317.amzn2023.x86_64
rsvg-pixbuf-loader-2.59.2-317.amzn2023.x86_64
librsvg2-tools-2.59.2-317.amzn2023.x86_64
librsvg2-2.59.2-317.amzn2023.x86_64
librsvg2-debugsource-2.59.2-317.amzn2023.x86_64