4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.6%
Issue Overview:
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka “internal entity expansion” with linear complexity.
Affected Packages:
libxml2
Issue Correction:
Run yum update libxml2 to update your system.
New Packages:
i686:
libxml2-debuginfo-2.7.8-10.26.amzn1.i686
libxml2-static-2.7.8-10.26.amzn1.i686
libxml2-devel-2.7.8-10.26.amzn1.i686
libxml2-2.7.8-10.26.amzn1.i686
libxml2-python-2.7.8-10.26.amzn1.i686
src:
libxml2-2.7.8-10.26.amzn1.src
x86_64:
libxml2-static-2.7.8-10.26.amzn1.x86_64
libxml2-2.7.8-10.26.amzn1.x86_64
libxml2-devel-2.7.8-10.26.amzn1.x86_64
libxml2-debuginfo-2.7.8-10.26.amzn1.x86_64
libxml2-python-2.7.8-10.26.amzn1.x86_64
Red Hat: CVE-2013-0338
Mitre: CVE-2013-0338
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | libxml2-debuginfo | < 2.7.8-10.26.amzn1 | libxml2-debuginfo-2.7.8-10.26.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libxml2-static | < 2.7.8-10.26.amzn1 | libxml2-static-2.7.8-10.26.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libxml2-devel | < 2.7.8-10.26.amzn1 | libxml2-devel-2.7.8-10.26.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libxml2 | < 2.7.8-10.26.amzn1 | libxml2-2.7.8-10.26.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | libxml2-python | < 2.7.8-10.26.amzn1 | libxml2-python-2.7.8-10.26.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | libxml2-static | < 2.7.8-10.26.amzn1 | libxml2-static-2.7.8-10.26.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libxml2 | < 2.7.8-10.26.amzn1 | libxml2-2.7.8-10.26.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libxml2-devel | < 2.7.8-10.26.amzn1 | libxml2-devel-2.7.8-10.26.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libxml2-debuginfo | < 2.7.8-10.26.amzn1 | libxml2-debuginfo-2.7.8-10.26.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | libxml2-python | < 2.7.8-10.26.amzn1 | libxml2-python-2.7.8-10.26.amzn1.x86_64.rpm |