Affected versions of this package are vulnerable to ALAS2-2020-1534. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2020-7595: 1799786: CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2019-20388: 1799734: CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. CVE-2019-19956: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. 1788856: CVE-2019-19956 libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c
libxml2 to version or higher.