Amazon Linux 1 Security Advisory: ALAS-2023-1874
Advisory Release Date: 2023-10-30 23:31 Pacific
Advisory Updated Date: 2023-11-03 17:58 Pacific
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." (CVE-2023-45322)
Affected Packages:
libxml2
Issue Correction:
Run yum update libxml2 to update your system.
i686:
libxml2-static-2.9.1-6.6.44.amzn1.i686
libxml2-devel-2.9.1-6.6.44.amzn1.i686
libxml2-python26-2.9.1-6.6.44.amzn1.i686
libxml2-python27-2.9.1-6.6.44.amzn1.i686
libxml2-2.9.1-6.6.44.amzn1.i686
libxml2-debuginfo-2.9.1-6.6.44.amzn1.i686
src:
libxml2-2.9.1-6.6.44.amzn1.src
x86_64:
libxml2-python26-2.9.1-6.6.44.amzn1.x86_64
libxml2-devel-2.9.1-6.6.44.amzn1.x86_64
libxml2-debuginfo-2.9.1-6.6.44.amzn1.x86_64
libxml2-python27-2.9.1-6.6.44.amzn1.x86_64
libxml2-2.9.1-6.6.44.amzn1.x86_64
libxml2-static-2.9.1-6.6.44.amzn1.x86_64