Amazon Linux 2022 Security Advisory: ALAS-2022-198
Advisory Release Date: 2022-11-01 21:25 Pacific
Advisory Updated Date: 2022-11-03 20:56 Pacific
Severity:
Medium
Issue Overview:
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)
A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. (CVE-2022-29824)
Affected Packages:
libxml2
Issue Correction:
Run dnf update libxml2 --releasever=2022.0.20221102 to update your system.
New Packages:
aarch64:
libxml2-static-2.9.14-1.amzn2022.0.1.aarch64
libxml2-debugsource-2.9.14-1.amzn2022.0.1.aarch64
python3-libxml2-debuginfo-2.9.14-1.amzn2022.0.1.aarch64
libxml2-debuginfo-2.9.14-1.amzn2022.0.1.aarch64
libxml2-devel-2.9.14-1.amzn2022.0.1.aarch64
python3-libxml2-2.9.14-1.amzn2022.0.1.aarch64
libxml2-2.9.14-1.amzn2022.0.1.aarch64
src:
libxml2-2.9.14-1.amzn2022.0.1.src
x86_64:
python3-libxml2-debuginfo-2.9.14-1.amzn2022.0.1.x86_64
libxml2-static-2.9.14-1.amzn2022.0.1.x86_64
libxml2-debuginfo-2.9.14-1.amzn2022.0.1.x86_64
libxml2-debugsource-2.9.14-1.amzn2022.0.1.x86_64
python3-libxml2-2.9.14-1.amzn2022.0.1.x86_64
libxml2-2.9.14-1.amzn2022.0.1.x86_64
libxml2-devel-2.9.14-1.amzn2022.0.1.x86_64