Medium: libxml2

Issue Overview:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807)

A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102)

Affected Packages:

libxml2

Issue Correction:
Run yum update libxml2 to update your system.

New Packages:

i686:  
    libxml2-debuginfo-2.7.8-9.22.amzn1.i686  
    libxml2-static-2.7.8-9.22.amzn1.i686  
    libxml2-devel-2.7.8-9.22.amzn1.i686  
    libxml2-2.7.8-9.22.amzn1.i686  
    libxml2-python-2.7.8-9.22.amzn1.i686  
  
src:  
    libxml2-2.7.8-9.22.amzn1.src  
  
x86_64:  
    libxml2-2.7.8-9.22.amzn1.x86_64  
    libxml2-debuginfo-2.7.8-9.22.amzn1.x86_64  
    libxml2-devel-2.7.8-9.22.amzn1.x86_64  
    libxml2-python-2.7.8-9.22.amzn1.x86_64  
    libxml2-static-2.7.8-9.22.amzn1.x86_64  

Additional References

Red Hat: CVE-2011-3102, CVE-2012-2807

Mitre: CVE-2011-3102, CVE-2012-2807