Advisories

What Are You Looking For?

Popular Tags

MGASA-2022-0177 - Updated libxml2 packages fix security vulnerability

Publication date: 12 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0177.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c
(xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This
can result in out-of-bounds memory writes. Exploitation requires a victim
to open a crafted, multi-gigabyte XML file. Other software using libxml2's
buffer functions, for example libxslt through 1.1.35, is affected as well.
(CVE-2022-29824)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30394
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

SRPMS:
- 8/core/libxml2-2.9.10-7.4.mga8

Mageia 2022-0177: libxml2 security update

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows

Summary

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. (CVE-2022-29824)

References

- https://bugs.mageia.org/show_bug.cgi?id=30394

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

Resolution

MGASA-2022-0177 - Updated libxml2 packages fix security vulnerability

SRPMS

- 8/core/libxml2-2.9.10-7.4.mga8

Severity

Publication date: 12 May 2022

URL: https://advisories.mageia.org/MGASA-2022-0177.html

Type: security

CVE: CVE-2022-29824

News

Advisories

HOWTOs

About Us

Powered By

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.

Learn More About Our Cookie Policy

Advisories

What Are You Looking For?

Popular Tags

Mageia 2022-0177: libxml2 security update

Summary

References

Resolution

SRPMS

News

Advisories

HOWTOs

Features

Complete Guide to Keylogging in Linux: Part 1

What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute

Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption

Call for Contributors with Knowledge of Linux Firewalls!

How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify

About Us

Powered By

Advisories

What Are You Looking For?

Popular Tags

Mageia 2022-0177: libxml2 security update

Summary

References

Resolution

SRPMS

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

Complete Guide to Keylogging in Linux: Part 1

What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute

Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption

Call for Contributors with Knowledge of Linux Firewalls!

How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify

About Us

Powered By