ALAS-2023-1749

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1749
Advisory Released Date: 2023-05-16
Advisory Updated Date: 2023-05-23

Severity: Important

References: CVE-2018-16429
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). (CVE-2018-16429)

Affected Packages:

glib2

Issue Correction:
Run yum update glib2 to update your system.

New Packages:

i686:
    glib2-devel-2.36.3-5.24.amzn1.i686
    glib2-2.36.3-5.24.amzn1.i686
    glib2-fam-2.36.3-5.24.amzn1.i686
    glib2-debuginfo-2.36.3-5.24.amzn1.i686

noarch:
    glib2-doc-2.36.3-5.24.amzn1.noarch

src:
    glib2-2.36.3-5.24.amzn1.src

x86_64:
    glib2-devel-2.36.3-5.24.amzn1.x86_64
    glib2-fam-2.36.3-5.24.amzn1.x86_64
    glib2-2.36.3-5.24.amzn1.x86_64
    glib2-debuginfo-2.36.3-5.24.amzn1.x86_64

Additional References

Red Hat: CVE-2018-16429

Mitre: CVE-2018-16429