Vulmon
Amazon Linux 2022 Security Advisory: ALAS-2022-181
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 21:00 Pacific
Severity:
Medium
References:
CVE-2021-45931
Issue Overview:
HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). (CVE-2021-45931)
Affected Packages:
harfbuzz
Issue Correction:
Run dnf update harfbuzz --releasever=2022.0.20221102 to update your system.
New Packages:
aarch64:
harfbuzz-debuginfo-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-icu-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-debugsource-2.9.1-1.amzn2022.0.2.aarch64
harfbuzz-devel-2.9.1-1.amzn2022.0.2.aarch64
i686:
harfbuzz-debuginfo-2.9.1-1.amzn2022.0.2.i686
harfbuzz-2.9.1-1.amzn2022.0.2.i686
harfbuzz-debugsource-2.9.1-1.amzn2022.0.2.i686
harfbuzz-devel-2.9.1-1.amzn2022.0.2.i686
harfbuzz-devel-debuginfo-2.9.1-1.amzn2022.0.2.i686
harfbuzz-icu-debuginfo-2.9.1-1.amzn2022.0.2.i686
harfbuzz-icu-2.9.1-1.amzn2022.0.2.i686
src:
harfbuzz-2.9.1-1.amzn2022.0.2.src
x86_64:
harfbuzz-debuginfo-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-icu-debuginfo-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-icu-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-devel-debuginfo-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-devel-2.9.1-1.amzn2022.0.2.x86_64
harfbuzz-debugsource-2.9.1-1.amzn2022.0.2.x86_64