ALAS-2018-1072

Related Vulnerabilities: CVE-2018-14404  

Amazon Linux AMI Security Advisory: ALAS-2018-1072
Advisory Release Date: 2018-09-05 19:31 Pacific
Advisory Updated Date: 2018-09-06 22:00 Pacific
Severity: Medium
References: CVE-2018-14404 

Issue Overview:

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression. Applications that use the libxml2 library to process untrusted XSL format inputs may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)


Affected Packages:

libxml2


Issue Correction:
Run yum update libxml2 to update your system.

New Packages:
i686:
    libxml2-devel-2.9.1-6.3.52.amzn1.i686
    libxml2-static-2.9.1-6.3.52.amzn1.i686
    libxml2-debuginfo-2.9.1-6.3.52.amzn1.i686
    libxml2-2.9.1-6.3.52.amzn1.i686
    libxml2-python26-2.9.1-6.3.52.amzn1.i686
    libxml2-python27-2.9.1-6.3.52.amzn1.i686

src:
    libxml2-2.9.1-6.3.52.amzn1.src

x86_64:
    libxml2-static-2.9.1-6.3.52.amzn1.x86_64
    libxml2-2.9.1-6.3.52.amzn1.x86_64
    libxml2-python27-2.9.1-6.3.52.amzn1.x86_64
    libxml2-debuginfo-2.9.1-6.3.52.amzn1.x86_64
    libxml2-devel-2.9.1-6.3.52.amzn1.x86_64
    libxml2-python26-2.9.1-6.3.52.amzn1.x86_64
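
To confirm the update took effect, the following added example (not part of the Amazon advisory) compares installed libxml2 builds against the 2.9.1-6.3.52.amzn1 release listed above and lists processes that still map the replaced library file. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```sh
#!/bin/sh
# Added example: post-update check for ALAS-2018-1072 (not Amazon's code).
FIXED="2.9.1-6.3.52.amzn1"   # version-release from the advisory's package list

# is_fixed VERSION-RELEASE: exit 0 if the build is at or above FIXED.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison; the two
# agree for builds of the same stream (2.9.1-6.*.amzn1).
is_fixed() {
    if [ "$1" = "$FIXED" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# classify: reads "name version-release arch" lines on stdin (the rpm query
# format used below) and prints one verdict per installed package.
classify() {
    while read -r name evr arch; do
        [ -n "$name" ] || continue
        if is_fixed "$evr"; then
            echo "OK $name-$evr.$arch"
        else
            echo "NEEDS-UPDATE $name-$evr.$arch"
        fi
    done
}

# stale_procs: PIDs still mapping a libxml2 file that was replaced on disk.
# Those processes keep executing the old code until they are restarted.
stale_procs() {
    grep -lE 'libxml2\.so.*\(deleted\)' /proc/[0-9]*/maps 2>/dev/null |
        cut -d/ -f3
}

# Query the live host only when rpm is present.
if command -v rpm >/dev/null 2>&1; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' 'libxml2*' | classify
    stale_procs | sed 's/^/restart needed: pid /'
fi
```

Any package reported as NEEDS-UPDATE still requires `yum update libxml2`; any PID reported by `stale_procs` belongs to a service that should be restarted after the update.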