libxml2-2.9.13-1.el9.1

エラータID: AXSA:2022-3979:05

Release date: 
Wednesday, November 2, 2022 - 07:07
Subject: 
libxml2-2.9.13-1.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (CVE-2022-29824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Solution: 

Update packages.

CVEs: 
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.13-1.el9.1.src.rpm
    MD5: a7000ef80d1858e661ce2f3e29eea916
    SHA-256: 6c098b734c414a33d81b4ded6731c6301e2b30dfaebf86c8424be45af3e95cfe
    Size: 3.11 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-1.el9.1.x86_64.rpm
    MD5: b147ba1ab0a8df4ca5a2dc1b97346434
    SHA-256: 1196b7dada4439c17000f82262237931ef378ad5c406c759b90ff0f7ea28cb29
    Size: 746.52 kB
  2. libxml2-devel-2.9.13-1.el9.1.x86_64.rpm
    MD5: cc6da0d9e3d1feb815c9cf8da6de31c1
    SHA-256: 4dcf7a406fc5c70440b1d368699a80d9e76f49d9b0983c273eaea9b2c9283f42
    Size: 828.08 kB
  3. python3-libxml2-2.9.13-1.el9.1.x86_64.rpm
    MD5: 89deaef06c80df140343ec6de183ffaa
    SHA-256: 4efa6a2532c5281db990f1a60c31a932c8a8d1db56556b1ad7ec6e796f788aed
    Size: 225.81 kB
  4. libxml2-2.9.13-1.el9.1.i686.rpm
    MD5: 5dd542aee3af911a8f5509db67245a72
    SHA-256: 6990b8172c843b2cea7b0254b8f1a7eebf4a7d5a07f999e05bf455db39f26e21
    Size: 784.66 kB
  5. libxml2-devel-2.9.13-1.el9.1.i686.rpm
    MD5: 1e2c2d824fac6cb510790ef83b7e339b
    SHA-256: 4ea8bfc4bfc3b82748d5a96bb00f5312119df6a8397bf471508a8b02ef05e64f
    Size: 828.54 kB