Mageia 2022-0177: libxml2 security update | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 172

MGASA-2022-0177 - Updated libxml2 packages fix security vulnerability

Publication date: 12 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0177.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c
(xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This
can result in out-of-bounds memory writes. Exploitation requires a victim
to open a crafted, multi-gigabyte XML file. Other software using libxml2's
buffer functions, for example libxslt through 1.1.35, is affected as well.
(CVE-2022-29824)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30394
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

SRPMS:
- 8/core/libxml2-2.9.10-7.4.mga8

Mageia 2022-0177: libxml2 security update

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows

Summary

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. (CVE-2022-29824)

References

- https://bugs.mageia.org/show_bug.cgi?id=30394

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

Resolution

MGASA-2022-0177 - Updated libxml2 packages fix security vulnerability

SRPMS

- 8/core/libxml2-2.9.10-7.4.mga8

Severity
Publication date: 12 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0177.html
Type: security
CVE: CVE-2022-29824

News

Advisories

HOWTOs

Features

Business VPNs: Now More Important Than Ever
Linux Log Analysis
Does Linux Need a Firewall & How To Configure the Linux Firewall with firewall-cmd
What You Need to Know when Considering a VPN on Linux
What Are Checksums & Why Should You Be Using Them?

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy