Amazon Linux 2023 Security Advisory: ALAS-2023-343
Advisory Release Date: 2023-09-14 00:54 Pacific
Advisory Updated Date: 2023-09-20 21:34 Pacific
Severity:
Medium
Issue Overview:
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. (CVE-2023-39615)
Affected Packages:
libxml2
Issue Correction:
Run dnf update libxml2 --releasever 2023.2.20230920 to update your system.
New Packages:
aarch64:
python3-libxml2-debuginfo-2.10.4-1.amzn2023.0.4.aarch64
libxml2-debugsource-2.10.4-1.amzn2023.0.4.aarch64
libxml2-debuginfo-2.10.4-1.amzn2023.0.4.aarch64
libxml2-devel-2.10.4-1.amzn2023.0.4.aarch64
libxml2-static-2.10.4-1.amzn2023.0.4.aarch64
python3-libxml2-2.10.4-1.amzn2023.0.4.aarch64
libxml2-2.10.4-1.amzn2023.0.4.aarch64
src:
libxml2-2.10.4-1.amzn2023.0.4.src
x86_64:
libxml2-debugsource-2.10.4-1.amzn2023.0.4.x86_64
libxml2-debuginfo-2.10.4-1.amzn2023.0.4.x86_64
python3-libxml2-2.10.4-1.amzn2023.0.4.x86_64
libxml2-static-2.10.4-1.amzn2023.0.4.x86_64
libxml2-devel-2.10.4-1.amzn2023.0.4.x86_64
python3-libxml2-debuginfo-2.10.4-1.amzn2023.0.4.x86_64
libxml2-2.10.4-1.amzn2023.0.4.x86_64