ALAS-2023-1764

Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1764
Advisory Released Date: 2023-06-08
Advisory Updated Date: 2023-06-08

Severity: Medium

References: CVE-2022-27406
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A segmentation fault was found in FreeType's FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27406)

Affected Packages:

freetype

Issue Correction:
Run yum update freetype or yum update --advisory ALAS-2023-1764 to update your system.

New Packages:

i686:
    freetype-devel-2.3.11-19.16.amzn1.i686
    freetype-debuginfo-2.3.11-19.16.amzn1.i686
    freetype-2.3.11-19.16.amzn1.i686
    freetype-demos-2.3.11-19.16.amzn1.i686

src:
    freetype-2.3.11-19.16.amzn1.src

x86_64:
    freetype-2.3.11-19.16.amzn1.x86_64
    freetype-devel-2.3.11-19.16.amzn1.x86_64
    freetype-debuginfo-2.3.11-19.16.amzn1.x86_64
    freetype-demos-2.3.11-19.16.amzn1.x86_64

Additional References

Red Hat: CVE-2022-27406

Mitre: CVE-2022-27406