libxml2-2.9.7-16.el8.1
Errata ID: AXSA:2023-6331:05
Release date:
Tuesday, August 15, 2023 - 04:51
Subject:
libxml2-2.9.7-16.el8.1
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2023-28484
CVE-2023-29469
Solution:
Update packages.
CVEs:
CVE-2023-28484
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Additional Info:
N/A
Download:
SRPMS
- libxml2-2.9.7-16.el8.1.src.rpm
MD5: 6f78b8faf3ad049df9b0f6b98cfd0ba1
SHA-256: 430d462446681a3835d1572720cb6b51fc40b76fabf47743c114bf38168c16b9
Size: 5.23 MB
Asianux Server 8 for x86_64
- libxml2-2.9.7-16.el8.1.i686.rpm
MD5: eb5ff1d419a7a9346eaecffa8b689ab1
SHA-256: 7b20bfa8ae2cc4e20684f7ca9a853a5bc106e8a1ec2b048d29b57e1f9431e64e
Size: 740.11 kB
- libxml2-2.9.7-16.el8.1.x86_64.rpm
MD5: e30a1a51a78263a4a6b24b20bd6bbdaa
SHA-256: cf18a86363c796509a035632e7e3acec5d4ea1c1f697b37b7fdcb5ff7a64c15f
Size: 695.58 kB
- libxml2-devel-2.9.7-16.el8.1.i686.rpm
MD5: 27bf8168ef66f9827e21a303bd516c28
SHA-256: 170567f9c0397e89417eb5afab1ac7fff8a1d079ec220570e331b3a9ab1092a7
Size: 1.04 MB
- libxml2-devel-2.9.7-16.el8.1.x86_64.rpm
MD5: dd6d57ec1da4488c49f0b9d2bc847c0d
SHA-256: 0d59531a17ae95b9f93c738f6858d2c7aa129436af2b411aa5df7d8dfa0197c4
Size: 1.04 MB
- python3-libxml2-2.9.7-16.el8.1.x86_64.rpm
MD5: 7edf4cf9397157e6413948b665bf0c31
SHA-256: 0d935fa7141d2e8e0bae2125cb654889cda1287606f1da604e664eed6acac070
Size: 236.52 kB