ALAS2022-2022-173

Related Vulnerabilities: CVE-2021-4048  


Amazon Linux 2022 Security Advisory: ALAS-2022-173
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 21:01 Pacific
Severity: Medium
References: CVE-2021-4048 

Issue Overview:

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. (CVE-2021-4048)


Affected Packages:

lapack


Issue Correction:
Run dnf update lapack --releasever=2022.0.20221102 to update your system.

New Packages:
aarch64:
    lapack-static-3.10.0-4.amzn2022.0.2.aarch64
    blas-static-3.10.0-4.amzn2022.0.2.aarch64
    lapack64_-3.10.0-4.amzn2022.0.2.aarch64
    blas-devel-3.10.0-4.amzn2022.0.2.aarch64
    blas64_-3.10.0-4.amzn2022.0.2.aarch64
    lapack-devel-3.10.0-4.amzn2022.0.2.aarch64
    lapack64-3.10.0-4.amzn2022.0.2.aarch64
    blas64-3.10.0-4.amzn2022.0.2.aarch64
    blas-3.10.0-4.amzn2022.0.2.aarch64
    lapack-3.10.0-4.amzn2022.0.2.aarch64

i686:
    lapack-static-3.10.0-4.amzn2022.0.2.i686
    blas-static-3.10.0-4.amzn2022.0.2.i686
    lapack-devel-3.10.0-4.amzn2022.0.2.i686
    lapack-3.10.0-4.amzn2022.0.2.i686
    blas-3.10.0-4.amzn2022.0.2.i686
    blas-devel-3.10.0-4.amzn2022.0.2.i686

src:
    lapack-3.10.0-4.amzn2022.0.2.src

x86_64:
    blas-static-3.10.0-4.amzn2022.0.2.x86_64
    blas64-3.10.0-4.amzn2022.0.2.x86_64
    lapack-static-3.10.0-4.amzn2022.0.2.x86_64
    lapack-devel-3.10.0-4.amzn2022.0.2.x86_64
    lapack64-3.10.0-4.amzn2022.0.2.x86_64
    blas64_-3.10.0-4.amzn2022.0.2.x86_64
    lapack64_-3.10.0-4.amzn2022.0.2.x86_64
    blas-devel-3.10.0-4.amzn2022.0.2.x86_64
    blas-3.10.0-4.amzn2022.0.2.x86_64
    lapack-3.10.0-4.amzn2022.0.2.x86_64
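
To confirm the update took effect, the following added example (not part of the advisory) flags any package from the list above that is still older than 3.10.0-4.amzn2022.0.2. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```bash
#!/bin/sh
# Fixed version-release, taken from the advisory's "New Packages" list.
FIXED_VR="3.10.0-4.amzn2022.0.2"

# Return 0 if version-release $1 is at or above the fixed build.
# Assumption: GNU `sort -V` stands in for RPM's comparison, which holds
# here because these builds carry no epoch and no ~ or ^ markers.
vr_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Read "name version-release" lines on stdin and print every package
# named in the advisory that is still older than the fixed build.
list_unpatched() {
    while read -r name vr; do
        case "$name" in
            lapack|lapack-devel|lapack-static|lapack64|lapack64_) ;;
            blas|blas-devel|blas-static|blas64|blas64_) ;;
            *) continue ;;   # not covered by this advisory
        esac
        vr_is_fixed "$vr" || printf '%s %s\n' "$name" "$vr"
    done
}

# Constructed sample inventory (not output from a real host).
sample_inventory() {
    cat <<'EOF'
lapack 3.10.0-4.amzn2022.0.2
blas 3.10.0-3.amzn2022.0.1
lapack-devel 3.9.1-2.amzn2022.0.1
openssl 3.0.5-1.amzn2022.0.1
blas64_ 3.10.0-5.amzn2022.0.1
EOF
}

# On a real host, feed the installed package list instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | list_unpatched
sample_inventory | list_unpatched
```

An empty result means every listed package on the host is at or above the fixed build. Applications linked against the `-static` packages keep the old code until they are rebuilt.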