Mageia 10: 2024-0015 Critical: libxml App Crashes Due to XML Parsing

mageia

January 17, 2024

The updated packages fix a security vulnerability: StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application e...

Summary

The updated packages fix a security vulnerability: StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace. (CVE-2023-34194)

References

- https://bugs.mageia.org/show_bug.cgi?id=32703

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/

- https://www.cve.org/CVERecord?id=CVE-2023-34194

Topics Covered

security advisory critical vulnerability XML parsing Mageia application exit

Resolution

SRPMS

- 9/core/tinyxml-2.6.2-14.1.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 17 Jan 2024

URL: https://advisories.mageia.org/MGASA-2024-0014.html

Type: security

CVE: CVE-2023-34194

Topics Covered

security advisory critical vulnerability XML parsing Mageia application exit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 10: 2024-0015 Critical: libxml App Crashes Due to XML Parsing

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 10: 2024-0015 Critical: libxml App Crashes Due to XML Parsing

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!