Amazon Linux 1 Security Advisory: ALAS-2023-1841
Advisory Release Date: 2023-09-27 22:15 Pacific
Advisory Updated Date: 2023-10-06 00:53 Pacific
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. (CVE-2023-39615)
Affected Packages:
libxml2
Issue Correction:
Run yum update libxml2 to update your system.
i686:
libxml2-devel-2.9.1-6.6.43.amzn1.i686
libxml2-2.9.1-6.6.43.amzn1.i686
libxml2-debuginfo-2.9.1-6.6.43.amzn1.i686
libxml2-static-2.9.1-6.6.43.amzn1.i686
libxml2-python27-2.9.1-6.6.43.amzn1.i686
libxml2-python26-2.9.1-6.6.43.amzn1.i686
src:
libxml2-2.9.1-6.6.43.amzn1.src
x86_64:
libxml2-python26-2.9.1-6.6.43.amzn1.x86_64
libxml2-2.9.1-6.6.43.amzn1.x86_64
libxml2-debuginfo-2.9.1-6.6.43.amzn1.x86_64
libxml2-python27-2.9.1-6.6.43.amzn1.x86_64
libxml2-static-2.9.1-6.6.43.amzn1.x86_64
libxml2-devel-2.9.1-6.6.43.amzn1.x86_64