Amazon Linux 2022 Security Advisory: ALAS-2022-068
Advisory Release Date: 2022-05-18 13:53 Pacific
Advisory Updated Date: 2022-05-19 18:13 Pacific
Severity:
Medium
Issue Overview:
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)
A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. (CVE-2022-29824)
Affected Packages:
libxml2
Issue Correction:
Run dnf update --releasever=2022.0.20220518 libxml2 to update your system.
New Packages:
aarch64:
libxml2-static-2.9.14-1.amzn2022.aarch64
libxml2-debugsource-2.9.14-1.amzn2022.aarch64
python3-libxml2-debuginfo-2.9.14-1.amzn2022.aarch64
libxml2-debuginfo-2.9.14-1.amzn2022.aarch64
python3-libxml2-2.9.14-1.amzn2022.aarch64
libxml2-2.9.14-1.amzn2022.aarch64
libxml2-devel-2.9.14-1.amzn2022.aarch64
src:
libxml2-2.9.14-1.amzn2022.src
x86_64:
libxml2-static-2.9.14-1.amzn2022.x86_64
python3-libxml2-debuginfo-2.9.14-1.amzn2022.x86_64
libxml2-debugsource-2.9.14-1.amzn2022.x86_64
libxml2-devel-2.9.14-1.amzn2022.x86_64
libxml2-2.9.14-1.amzn2022.x86_64
python3-libxml2-2.9.14-1.amzn2022.x86_64
libxml2-debuginfo-2.9.14-1.amzn2022.x86_64