Medium: libxml2

🗓️ 22 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

libxml2 updates address use-after-free, buffer overflows, and entity definition flaws.

Reporter	Title	Published	Views	Family All 667
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)	14 Oct 202305:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)	16 Aug 202219:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.	16 May 202206:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)	6 Jul 202317:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	25 Aug 202202:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd	25 Jan 202316:27	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties Affecting Watson Machine Learning Accelerator on Cloud Pak for Data version	13 Nov 202315:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities	26 Jul 202214:35	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)	12 Jul 202311:03	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	libxml2	2.10.3-2.amzn2023.0.1	libxml2-2.10.3-2.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	libxml2	2.10.3-2.amzn2023.0.1	libxml2-2.10.3-2.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libxml2-debuginfo	2.10.3-2.amzn2023.0.1	libxml2-debuginfo-2.10.3-2.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	libxml2-debuginfo	2.10.3-2.amzn2023.0.1	libxml2-debuginfo-2.10.3-2.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libxml2-debugsource	2.10.3-2.amzn2023.0.1	libxml2-debugsource-2.10.3-2.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	libxml2-debugsource	2.10.3-2.amzn2023.0.1	libxml2-debugsource-2.10.3-2.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libxml2-devel	2.10.3-2.amzn2023.0.1	libxml2-devel-2.10.3-2.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	libxml2-devel	2.10.3-2.amzn2023.0.1	libxml2-devel-2.10.3-2.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libxml2-static	2.10.3-2.amzn2023.0.1	libxml2-static-2.10.3-2.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	libxml2-static	2.10.3-2.amzn2023.0.1	libxml2-static-2.10.3-2.amzn2023.0.1.x86_64.rpm

22 Mar 2023 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 24.3

CVSS 3.17.8

EPSS0.0023

SSVC

libxml2 security vulnerabilities use-after-free buffer overflow xml document parsing hash table corruption system update