Medium: xerces-c

🗓️ 04 Mar 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

Update xerces-c on Amazon Linux 2 to fix CVE-2024-23807 via yum update ALAS2-2024-2476.

Reporter	Title	Published	Views	Family All 183
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are affected by vulnerabilities in Apache Xerces-C 3.0.0 to 3.2.2 XML parser (CVE-2018-1311)	20 Jan 202105:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware	15 Apr 202502:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V	18 Jun 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows	17 Jun 202415:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311)	17 Nov 202116:26	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been fixed in the IBM Security Access Manager and IBM Security Verify Access products	14 Oct 202016:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser may affect IBM Storage Protect for Space Management	28 Jun 202408:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client	18 Jun 202420:51	–	ibm
ATTACKERKB	CVE-2024-23807	29 Feb 202401:44	–	attackerkb
Tenable Nessus	Amazon Linux 2 : xerces-c (ALAS-2020-1415)	24 Apr 202000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	xerces-c	3.1.1-10.amzn2.0.2	xerces-c-3.1.1-10.amzn2.0.2.aarch64.rpm
Amazon Linux	2	i686	xerces-c	3.1.1-10.amzn2.0.2	xerces-c-3.1.1-10.amzn2.0.2.i686.rpm
Amazon Linux	2	x86_64	xerces-c	3.1.1-10.amzn2.0.2	xerces-c-3.1.1-10.amzn2.0.2.x86_64.rpm
Amazon Linux	2	aarch64	xerces-c-debuginfo	3.1.1-10.amzn2.0.2	xerces-c-debuginfo-3.1.1-10.amzn2.0.2.aarch64.rpm
Amazon Linux	2	i686	xerces-c-debuginfo	3.1.1-10.amzn2.0.2	xerces-c-debuginfo-3.1.1-10.amzn2.0.2.i686.rpm
Amazon Linux	2	x86_64	xerces-c-debuginfo	3.1.1-10.amzn2.0.2	xerces-c-debuginfo-3.1.1-10.amzn2.0.2.x86_64.rpm
Amazon Linux	2	aarch64	xerces-c-devel	3.1.1-10.amzn2.0.2	xerces-c-devel-3.1.1-10.amzn2.0.2.aarch64.rpm
Amazon Linux	2	i686	xerces-c-devel	3.1.1-10.amzn2.0.2	xerces-c-devel-3.1.1-10.amzn2.0.2.i686.rpm
Amazon Linux	2	x86_64	xerces-c-devel	3.1.1-10.amzn2.0.2	xerces-c-devel-3.1.1-10.amzn2.0.2.x86_64.rpm
Amazon Linux	2	any	xerces-c-doc	3.1.1-10.amzn2.0.2	xerces-c-doc-3.1.1-10.amzn2.0.2.noarch.rpm

04 Mar 2024 00:00Current

8.4High risk

Vulners AI Score8.4

CVSS 26.8

CVSS 3.18.1 - 9.8

EPSS0.04171

SSVC

xerces-c amazon linux two cve 2024 23807 al2 advisory yum update aarch64 i686 x86_64