Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Fedora: 2019-d333d01e08 Moderate: mxml Buffer Overflow and Other Issues

fedora
Calendar Grey March 25, 2019
Dist Fedora Esm H88
This latest CentOS patch resolves significant libxml vulnerabilities involving stack smashing and additional threats. Update immediately!
Update to 3.0

Summary

Mini-XML is a small XML parsing library that you can use to read XML

and XML-like data files in your application without requiring large

non-standard libraries.

Update to 3.0. License has changed to ASL 2.0 + exception. See

https://github.com/michaelrsweet/mxml/releases/tag/v3.0 for more info.

* Wed Mar 6 2019 Kevin Fenzi - 3.0-1

- Upgrade to 3.0. Fixes bug #1684794

- CVE-2018-20004 CVE-2018-20592 CVE-2018-20593

* Fri Feb 1 2019 Fedora Release Engineering - 2.11-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jul 20 2018 Kevin Fenzi - 2.11-4

- Fix FTBFS bug #1604905.

* Fri Jul 13 2018 Fedora Release Engineering - 2.11-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Thu Feb 8 2018 Fedora Release Engineering - 2.11-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1662712 - CVE-2018-20592 mxml: Use-after-free in the mxmlAdd function of the mxml-node.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1662712

[ 2 ] Bug #1662709 - CVE-2018-20593 mxml: Stack-based buffer overflow in the scan_file function in mxmldoc.c. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1662709

[ 3 ] Bug #1660484 - CVE-2018-20004 CVE-2018-20005 mxml: Multiple vulnerabilities [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1660484

[ 4 ] Bug #1684794 - mxml-3.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1684794

su -c 'dnf upgrade --advisory FEDORA-2019-d333d01e08' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security issue update buffer overflow Fedora mxml license change

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 3.0
Release: 1.fc28
URL: Summary : Miniature XML development library

Topics%20covered

Topics Covered

security advisory security issue update buffer overflow Fedora mxml license change

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here