libxml2-2.9.13-5.el9_3

エラータID: AXSA:2023-7045:07

Release date: 
Thursday, December 21, 2023 - 03:00
Subject: 
libxml2-2.9.13-5.el9_3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

Solution: 

Update packages.

CVEs: 
CVE-2023-39615
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.13-5.el9_3.src.rpm
    MD5: 9f066f253d077abc3dc32220c6e98e04
    SHA-256: 9c1937084f17f534dac83267e535039780d08e15123bc949f4cd5419e4c6cab8
    Size: 3.12 MB

Asianux Server 9 for x86_64
  1. libxml2-2.9.13-5.el9_3.i686.rpm
    MD5: d5ff0a9579b207bddcd0d78e8a2dcf98
    SHA-256: f48297e15ca278208475098ef9e53a06601c73264c1bfa5ffb1dd4348d702cd1
    Size: 783.46 kB
  2. libxml2-2.9.13-5.el9_3.x86_64.rpm
    MD5: 1863a1340d74b0df0818de887f3d99f8
    SHA-256: 5908683daf10bc69b700dcce566dba08a50e4563c400703a912ecb5f3384ab71
    Size: 745.76 kB
  3. libxml2-devel-2.9.13-5.el9_3.i686.rpm
    MD5: 6c3c3b0e877b8f2a2bc313e793c9a16f
    SHA-256: d0b1c08c6f01d4875490387e3f3ba5b0548382317fcf978ae23155dc343a2369
    Size: 827.27 kB
  4. libxml2-devel-2.9.13-5.el9_3.x86_64.rpm
    MD5: 262fdf766fb02a78b96b77d8b2d6b98d
    SHA-256: fb8a161e97276eeee57bb953633a54cf735218da6797e94c4cccca0bdbdabfb6
    Size: 827.31 kB
  5. python3-libxml2-2.9.13-5.el9_3.x86_64.rpm
    MD5: 178dbdf6a6dd4a2577022136b7c5eec8
    SHA-256: f42fff4a8856662815aba1f97e735b148f33aeb9882257c107e65d68e0c87e7b
    Size: 224.55 kB