ALAS2023-2025-1260

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1260
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-10
Severity: Important
Issue Overview:

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled. (CVE-2024-31573)


Affected Packages:

xmlunit


Issue Correction:
Run dnf update xmlunit --releasever 2023.9.20251110 or dnf update --advisory ALAS2023-2025-1260 --releasever 2023.9.20251110 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
noarch:
    xmlunit-legacy-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-core-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-placeholders-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-assertj-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-matchers-2.8.2-6.amzn2023.0.4.noarch
    xmlunit-javadoc-2.8.2-6.amzn2023.0.4.noarch

src:
    xmlunit-2.8.2-6.amzn2023.0.4.src

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-31573

Mitre: CVE-2024-31573