ALAS2-2021-1599

Affecting glibc-langpack-en package, versions <2.26-40.amzn2

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to ALAS2-2021-1599. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-25013: A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. 1912960: CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding

Remediation

Upgrade glibc-langpack-en to version or higher.

References

CVE
ALAS2-2021-1599
Snyk ID
SNYK-AMZN2-GLIBCLANGPACKEN-1077251
Published
20 Feb, 2021