Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Slackware 15.0: 2023-343-01 critical: libxml2 integer overflow

slackware
Calendar Grey December 10, 2023
Dist Slackware Esm H88
Latest libxml2 patches address serious security flaws in various Slackware releases; provides essential configuration information.
New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz: Upgraded. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *)

Topics%20covered

Topics Covered

security advisory software patch critical update Slackware integer overflow libxml2

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 781670f0524d4980ef7b48876fc07b35 libxml2-2.12.2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 6e5084f495e8401e097d49bec5d470d0 libxml2-2.12.2-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1e3a912ba24a2ee014b239ed03302260 libxml2-2.12.2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 6e0bbf965cca0038a13f6f5faaac690d libxml2-2.12.2-x86_64-1_slack14.1.txz
Slackware 14.2 package: 7f11d69e862d4d42407bf9fbc8b134a8 libxml2-2.12.2-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 8f06b46fdf685dedd2d56400503e80b6 libxml2-2.12.2-x86_64-1_slack14.2.txz
Slackware 15.0 package: 936f1e6831a94df80e926e173505ad17 libxml2-2.12.2-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 5691184f8e0b89b5fb4344e9d4b4f732 libxml2-2.12.2-x86_64-1_slack15.0.txz
Slackware -current package: bfa544daff81a3f89e44dd9f1f6b997e l/libxml2-2.12.2-i586-2.txz
Slackware x86_64 -current package: e866ccd932b516f53cc5cf3c30e1c70a l/libxml2-2.12.2-x86_64-2.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory software patch critical update Slackware integer overflow libxml2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg libxml2-2.12.2-i586-1_slack15.0.txz

Related News

Your message here