libxml2-2.9.7-15.el8.1

エラータID: AXSA:2023-4778:01

Release date: 
Wednesday, January 18, 2023 - 01:30
Subject: 
libxml2-2.9.7-15.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Solution: 

Update packages.

CVEs: 
CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.7-15.el8.1.src.rpm
    MD5: e5b2b4b88b1c04717ba41e0c985e8069
    SHA-256: 9c47b0e121a80265b8204d6eb4187745806f0b979e67424082d1df50bf236cee
    Size: 5.22 MB

Asianux Server 8 for x86_64
  1. libxml2-2.9.7-15.el8.1.x86_64.rpm
    MD5: f7984f90cf9e89497147d3df976a3e0a
    SHA-256: 6c576f281bfa3ce098af93cd49dcc4a935eb139dc148f231042995c2162b926c
    Size: 695.47 kB
  2. libxml2-devel-2.9.7-15.el8.1.x86_64.rpm
    MD5: 8b11d364d655d4cf569316a164d1d038
    SHA-256: 0c3a93a445cd31c99b7cfaad31f4d0484d839fa15eee34e6d33a86b8fa95f37a
    Size: 1.04 MB
  3. python3-libxml2-2.9.7-15.el8.1.x86_64.rpm
    MD5: 879d40812d36e1ef4c222d6832d6d95b
    SHA-256: cb4515e695223ec97467790af2fd510eabdd2c125f19570142434b5759029c4f
    Size: 236.43 kB
  4. libxml2-2.9.7-15.el8.1.i686.rpm
    MD5: 9c23ce8e7ef910146c94c311d52d81d9
    SHA-256: aad99a94406c2fcbe47fb1d1b8d9a5357bbdddfa12c3aa657ced0c8b0489c4b0
    Size: 740.21 kB
  5. libxml2-devel-2.9.7-15.el8.1.i686.rpm
    MD5: 38518f7383ded20856c205818916e48c
    SHA-256: d7338495b4b782e1d5342510d7fdc9caf9d8b159255cbd375d9361b0a654117b
    Size: 1.04 MB