logo
DATABASE RESOURCES PRICING ABOUT US

Medium: libxml2

Description

**Issue Overview:** A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.(CVE-2018-14404) **Affected Packages:** libxml2 **Issue Correction:** Run _yum update libxml2_ to update your system. **New Packages:** i686:     libxml2-devel-2.9.1-6.3.52.amzn1.i686     libxml2-static-2.9.1-6.3.52.amzn1.i686     libxml2-debuginfo-2.9.1-6.3.52.amzn1.i686     libxml2-2.9.1-6.3.52.amzn1.i686     libxml2-python26-2.9.1-6.3.52.amzn1.i686     libxml2-python27-2.9.1-6.3.52.amzn1.i686 src:     libxml2-2.9.1-6.3.52.amzn1.src x86_64:     libxml2-static-2.9.1-6.3.52.amzn1.x86_64     libxml2-2.9.1-6.3.52.amzn1.x86_64     libxml2-python27-2.9.1-6.3.52.amzn1.x86_64     libxml2-debuginfo-2.9.1-6.3.52.amzn1.x86_64     libxml2-devel-2.9.1-6.3.52.amzn1.x86_64     libxml2-python26-2.9.1-6.3.52.amzn1.x86_64


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 1 libxml2-devel 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-static 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-debuginfo 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-python26 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-python27 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-static 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-python27 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-debuginfo 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-devel 2.9.1-6.3.52.amzn1
Amazon Linux 1 libxml2-python26 2.9.1-6.3.52.amzn1

Related