ALAS-2025-862

Amazon Linux 2023 Security Advisory: ALAS-2025-862
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific
Severity: Important
Issue Overview:

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)


Affected Packages:

libxml2


Issue Correction:
Run dnf update libxml2 --releasever 2023.6.20250218 to update your system.

New Packages:
aarch64:
    libxml2-debuginfo-2.10.4-1.amzn2023.0.8.aarch64
    libxml2-debugsource-2.10.4-1.amzn2023.0.8.aarch64
    libxml2-static-2.10.4-1.amzn2023.0.8.aarch64
    python3-libxml2-debuginfo-2.10.4-1.amzn2023.0.8.aarch64
    libxml2-2.10.4-1.amzn2023.0.8.aarch64
    python3-libxml2-2.10.4-1.amzn2023.0.8.aarch64
    libxml2-devel-2.10.4-1.amzn2023.0.8.aarch64

src:
    libxml2-2.10.4-1.amzn2023.0.8.src

x86_64:
    libxml2-debugsource-2.10.4-1.amzn2023.0.8.x86_64
    libxml2-static-2.10.4-1.amzn2023.0.8.x86_64
    python3-libxml2-debuginfo-2.10.4-1.amzn2023.0.8.x86_64
    libxml2-debuginfo-2.10.4-1.amzn2023.0.8.x86_64
    python3-libxml2-2.10.4-1.amzn2023.0.8.x86_64
    libxml2-devel-2.10.4-1.amzn2023.0.8.x86_64
    libxml2-2.10.4-1.amzn2023.0.8.x86_64

Additional References

Red Hat: CVE-2022-49043

Mitre: CVE-2022-49043