Fedora 39: FEDORA-2024-d5ea2b345 critical: libxml DoS Vulnerabilities
fedora
January 12, 2024
Bugfix release
Summary
TinyXML is a simple, small, C++ XML parser that can be easily integrating
into other programs. Have you ever found yourself writing a text file parser
every time you needed to save human readable data or serialize objects?
TinyXML solves the text I/O file once and for all.
(Or, as a friend said, ends the Just Another Text File Parser problem.)
Update Information:
Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding (upstream isssue #51).
Topics Covered
Change Log
* Wed Jan 3 2024 Dominik Mierzejewski
References
[ 1 ] Bug #2253716 - CVE-2021-42260 tinyxml: infinite loop causes crash
https://bugzilla.redhat.com/show_bug.cgi?id=2253716
[ 2 ] Bug #2254376 - CVE-2023-34194 tinyxml: reachable assertion may lead to denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=2254376
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c9dc0ac419' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: tinyxml
Product: Fedora 38
Version: 2.6.2
Release: 28.fc38
URL: Summary : A simple, small, C++ XML parser
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!