Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2021-1662

Related Vulnerabilities: CVE-2020-24977   CVE-2021-3517   CVE-2021-3541  

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977) There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. (CVE-2021-3517) A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a potential denial of service. (CVE-2021-3541)

Source

ALAS2-2021-1662

Amazon Linux 2 Security Advisory: ALAS-2021-1662
Advisory Release Date: 2021-06-16 20:37 Pacific
Advisory Updated Date: 2021-06-22 22:38 Pacific
Severity: Medium
Issue Overview:

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)

There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. (CVE-2021-3517)

A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a potential denial of service. (CVE-2021-3541)


Affected Packages:

libxml2


Issue Correction:
Run yum update libxml2 to update your system.

New Packages:
aarch64:
    libxml2-2.9.1-6.amzn2.5.3.aarch64
    libxml2-devel-2.9.1-6.amzn2.5.3.aarch64
    libxml2-static-2.9.1-6.amzn2.5.3.aarch64
    libxml2-python-2.9.1-6.amzn2.5.3.aarch64
    libxml2-debuginfo-2.9.1-6.amzn2.5.3.aarch64

i686:
    libxml2-2.9.1-6.amzn2.5.3.i686
    libxml2-devel-2.9.1-6.amzn2.5.3.i686
    libxml2-static-2.9.1-6.amzn2.5.3.i686
    libxml2-python-2.9.1-6.amzn2.5.3.i686
    libxml2-debuginfo-2.9.1-6.amzn2.5.3.i686

src:
    libxml2-2.9.1-6.amzn2.5.3.src

x86_64:
    libxml2-2.9.1-6.amzn2.5.3.x86_64
    libxml2-devel-2.9.1-6.amzn2.5.3.x86_64
    libxml2-static-2.9.1-6.amzn2.5.3.x86_64
    libxml2-python-2.9.1-6.amzn2.5.3.x86_64
    libxml2-debuginfo-2.9.1-6.amzn2.5.3.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started