Amazon Linux 2 Security Advisory: ALAS-2023-2067
Advisory Release Date: 2023-05-25 17:41 Pacific
Advisory Updated Date: 2023-06-01 23:36 Pacific
Severity:
Medium
Issue Overview:
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. (CVE-2015-10082)
Affected Packages:
libplist
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libplist to update your system.
New Packages:
aarch64:
libplist-1.12-3.amzn2.0.3.aarch64
libplist-devel-1.12-3.amzn2.0.3.aarch64
libplist-python-1.12-3.amzn2.0.3.aarch64
libplist-debuginfo-1.12-3.amzn2.0.3.aarch64
i686:
libplist-1.12-3.amzn2.0.3.i686
libplist-devel-1.12-3.amzn2.0.3.i686
libplist-python-1.12-3.amzn2.0.3.i686
libplist-debuginfo-1.12-3.amzn2.0.3.i686
src:
libplist-1.12-3.amzn2.0.3.src
x86_64:
libplist-1.12-3.amzn2.0.3.x86_64
libplist-devel-1.12-3.amzn2.0.3.x86_64
libplist-python-1.12-3.amzn2.0.3.x86_64
libplist-debuginfo-1.12-3.amzn2.0.3.x86_64