Amazon Linux 1 (EOL) Security Advisory: ALAS-2024-1930
Advisory Released Date: 2024-04-29
Advisory Updated Date: 2024-04-29
Severity:
Important
Issue Overview:
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. (CVE-2024-2961)
Affected Packages:
glibc
Issue Correction:
Run yum update glibc to update your system.
New Packages:
i686:
nscd-2.17-324.190.amzn1.i686
glibc-static-2.17-324.190.amzn1.i686
glibc-debuginfo-common-2.17-324.190.amzn1.i686
glibc-headers-2.17-324.190.amzn1.i686
glibc-devel-2.17-324.190.amzn1.i686
glibc-utils-2.17-324.190.amzn1.i686
glibc-debuginfo-2.17-324.190.amzn1.i686
glibc-2.17-324.190.amzn1.i686
glibc-common-2.17-324.190.amzn1.i686
src:
glibc-2.17-324.190.amzn1.src
x86_64:
glibc-utils-2.17-324.190.amzn1.x86_64
glibc-debuginfo-common-2.17-324.190.amzn1.x86_64
glibc-devel-2.17-324.190.amzn1.x86_64
glibc-static-2.17-324.190.amzn1.x86_64
glibc-common-2.17-324.190.amzn1.x86_64
glibc-headers-2.17-324.190.amzn1.x86_64
glibc-debuginfo-2.17-324.190.amzn1.x86_64
glibc-2.17-324.190.amzn1.x86_64
nscd-2.17-324.190.amzn1.x86_64