ALAS-2018-1072


Amazon Linux 1 Security Advisory: ALAS-2018-1072
Advisory Release Date: 2018-09-05 19:31 Pacific
Advisory Updated Date: 2018-09-06 22:00 Pacific
Severity: Medium

Issue Overview:

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.(CVE-2018-14404)


Affected Packages:

libxml2


Issue Correction:
Run yum update libxml2 to update your system.

New Packages:
i686:
    libxml2-devel-2.9.1-6.3.52.amzn1.i686
    libxml2-static-2.9.1-6.3.52.amzn1.i686
    libxml2-debuginfo-2.9.1-6.3.52.amzn1.i686
    libxml2-2.9.1-6.3.52.amzn1.i686
    libxml2-python26-2.9.1-6.3.52.amzn1.i686
    libxml2-python27-2.9.1-6.3.52.amzn1.i686

src:
    libxml2-2.9.1-6.3.52.amzn1.src

x86_64:
    libxml2-static-2.9.1-6.3.52.amzn1.x86_64
    libxml2-2.9.1-6.3.52.amzn1.x86_64
    libxml2-python27-2.9.1-6.3.52.amzn1.x86_64
    libxml2-debuginfo-2.9.1-6.3.52.amzn1.x86_64
    libxml2-devel-2.9.1-6.3.52.amzn1.x86_64
    libxml2-python26-2.9.1-6.3.52.amzn1.x86_64