ALAS-2015-554

Amazon Linux 1 (EOL) Security Advisory: ALAS-2015-554
Advisory Released Date: 2015-06-22
Advisory Updated Date: 2015-06-24

Severity: Medium

References: CVE-2015-3905
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A buffer overflow flaw was found in the way t1utils processed, for example, certain PFB (Printer Font Binary) files. An attacker could use this flaw to potentially execute arbitrary code by tricking a user into processing a specially crafted PFB file with t1utils.

Affected Packages:

t1utils

Issue Correction:
Run yum update t1utils to update your system.

New Packages:

i686:
    t1utils-1.39-1.3.amzn1.i686
    t1utils-debuginfo-1.39-1.3.amzn1.i686

src:
    t1utils-1.39-1.3.amzn1.src

x86_64:
    t1utils-debuginfo-1.39-1.3.amzn1.x86_64
    t1utils-1.39-1.3.amzn1.x86_64

Additional References

Red Hat: CVE-2015-3905

Mitre: CVE-2015-3905