ALAS2-2021-1599
Affecting glibc-langpack-en package, versions <2.26-40.amzn2
Report new vulnerabilities
high severity
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to ALAS2-2021-1599. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2019-25013: A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. 1912960: CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding
Remediation
Upgrade glibc-langpack-en to version or higher.
References
- CVE
- ALAS2-2021-1599
- Snyk ID
- SNYK-AMZN2-GLIBCLANGPACKEN-1077251
- Published
- 20 Feb, 2021