libxml2-2.9.7-18.el8_9

エラータID: AXSA:2024-7397:01

Release date: 
Monday, January 15, 2024 - 13:12
Subject: 
libxml2-2.9.7-18.el8_9
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

Solution: 

Update packages.

CVEs: 
CVE-2023-39615
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.7-18.el8_9.src.rpm
    MD5: 3f6a44ac6b0dc6ba4b7f1f567e5bc99e
    SHA-256: 5caf760a184e9407ff9adf3df0fc448d371e27566bce4deb499806be238cd6de
    Size: 5.23 MB

Asianux Server 8 for x86_64
  1. libxml2-2.9.7-18.el8_9.i686.rpm
    MD5: 1474497b2e9ee39d754bd2f9df72f476
    SHA-256: a75d08c51f4fb7f9b46174d236199199c755ae22661cce7c9c7fc8f2a6b39886
    Size: 740.21 kB
  2. libxml2-2.9.7-18.el8_9.x86_64.rpm
    MD5: 1d1786ae82ac8eaf52fe77151b9622ee
    SHA-256: 41fee00e8431f2a37bf04584090379c44878a0a32d71a95ca4437e926b6815b4
    Size: 695.85 kB
  3. libxml2-devel-2.9.7-18.el8_9.i686.rpm
    MD5: 43e1660cbb8162c5a7d07c24c5760e68
    SHA-256: c2d0937119bb8627620e96a97ec640461662139817fd05360eea59e917b59016
    Size: 1.04 MB
  4. libxml2-devel-2.9.7-18.el8_9.x86_64.rpm
    MD5: e911da60167ae92b45cdd8e9fd3ab158
    SHA-256: f729b81be92c5d39bf93468447525183f451edc990cadf3c58187e104846db26
    Size: 1.04 MB
  5. python3-libxml2-2.9.7-18.el8_9.x86_64.rpm
    MD5: 28cbb4516feee84201f27f5bcb2d43a4
    SHA-256: 090e739347ca2f0228bdd3e2d9398a06bf485f33143dfd92cc728701ffefbe2a
    Size: 236.61 kB