Vulmon
Amazon Linux 2 Security Advisory: ALAS-2023-1997
Advisory Release Date: 2023-03-17 16:34 Pacific
Advisory Updated Date: 2023-03-21 23:25 Pacific
Severity:
Medium
Issue Overview:
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. (CVE-2022-24599)
Affected Packages:
audiofile
Issue Correction:
Run yum update audiofile to update your system.
New Packages:
aarch64:
audiofile-0.3.6-10.amzn2.aarch64
audiofile-devel-0.3.6-10.amzn2.aarch64
audiofile-debuginfo-0.3.6-10.amzn2.aarch64
i686:
audiofile-0.3.6-10.amzn2.i686
audiofile-devel-0.3.6-10.amzn2.i686
audiofile-debuginfo-0.3.6-10.amzn2.i686
src:
audiofile-0.3.6-10.amzn2.src
x86_64:
audiofile-0.3.6-10.amzn2.x86_64
audiofile-devel-0.3.6-10.amzn2.x86_64
audiofile-debuginfo-0.3.6-10.amzn2.x86_64