libxml2-2.9.13-3.el9

エラータID: AXSA:2023-4863:02

Release date: 
Thursday, January 26, 2023 - 06:58
Subject: 
libxml2-2.9.13-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
* libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Solution: 

Update packages.

CVEs: 
CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.13-3.el9.src.rpm
    MD5: 9dc846d7784f423c72f7bce1dc84e3bf
    SHA-256: 0204f8d9e82805748071cbd712841d40e958390769e71c35f5e83b92ef37a3a6
    Size: 3.12 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-3.el9.x86_64.rpm
    MD5: 48ab1b3b0f52ec488ac5e72091857e9f
    SHA-256: 0cdf54fe63db0f309fcce2fec96b27006a11de2e7dc04d3213c9c3285c518e99
    Size: 746.75 kB
  2. libxml2-devel-2.9.13-3.el9.x86_64.rpm
    MD5: aabf0db50427db3d95db25de71e2d206
    SHA-256: 3b0f9283dba7e065f809dc2a92ad4d2810d2446620da2f55e3ec71ec3445e242
    Size: 828.12 kB
  3. python3-libxml2-2.9.13-3.el9.x86_64.rpm
    MD5: 3ae35f023804bddfb610d8b9537483c9
    SHA-256: 9f9deb26ce4fa27a41f0626e2be7ca7c77c33c99e09987db9493e67d8aab7e19
    Size: 225.48 kB
  4. libxml2-2.9.13-3.el9.i686.rpm
    MD5: d0728e61c105e5203133ce31a241b344
    SHA-256: a6bf7526a67e71a6b30781bd01d147d0a741abb51eaed15f75c8b47fbacc7f7d
    Size: 784.15 kB
  5. libxml2-devel-2.9.13-3.el9.i686.rpm
    MD5: 9f178af2982ebff1d5b4c6263896438f
    SHA-256: 197a421956bbd445017817f153dcb1ab9b3dbd3c9e56b65719cbdbe5b09157a4
    Size: 828.19 kB