libxml2-2.9.7-13.el8.1

エラータID: AXSA:2022-3668:04

Release date: 
Monday, August 15, 2022 - 07:39
Subject: 
libxml2-2.9.7-13.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of
various XML standards.

Security Fix(es):

* libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds
write (CVE-2022-29824)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*)
and tree.c (xmlBuffer*) don't check for integer overflows. This can result in
out-of-bounds memory writes. Exploitation requires a victim to open a crafted,
multi-gigabyte XML file. Other software using libxml2's buffer functions, for
example libxslt through 1.1.35, is affected as well.

Solution: 

Update packages.

CVEs: 
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.7-13.el8.1.src.rpm
    MD5: 6a5a9d05cec20974ad0386173c3b8932
    SHA-256: 233b925a5acd724fe34e0c05e1edfb558b8f0325ecbc55172decc671ad5a564d
    Size: 5.22 MB

Asianux Server 8 for x86_64
  1. libxml2-2.9.7-13.el8.1.x86_64.rpm
    MD5: 52b0425a42a6852c59bc97e386069ee2
    SHA-256: a180535039d2ad5303d0a9a929720ba7e2ce0e0fc1b79d2c2c9b4ba98d50c6d2
    Size: 694.52 kB
  2. libxml2-devel-2.9.7-13.el8.1.x86_64.rpm
    MD5: 3b6f24485699db47186f31d909a0f463
    SHA-256: fc8d1f6b605c3c4ed6d7f067870781b0ccb9054c220f7124976c14654938f41c
    Size: 1.04 MB
  3. python3-libxml2-2.9.7-13.el8.1.x86_64.rpm
    MD5: d91c4359717f01221bca8ee9705f3897
    SHA-256: 5113998ad22b85dc6ada0384f90f4005961895ba4e73a2f63b5262eb686ddb44
    Size: 236.26 kB
  4. libxml2-2.9.7-13.el8.1.i686.rpm
    MD5: b4e36002021115f4d40f2677f86d4a71
    SHA-256: 8155c7dc811d0138a14c416d254ed4831ba1fbe050b49116ed5f179dddfd8bcd
    Size: 739.71 kB
  5. libxml2-devel-2.9.7-13.el8.1.i686.rpm
    MD5: 7166b7668489fa451420fc44b85a5799
    SHA-256: cc5b760efc5db57507e24feac25b39f23141e11c5af8008b11c66ccc79c4b1e0
    Size: 1.04 MB