Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 17 articles for you...
100

SUSE Micro 6.1: 2025:20364-1 moderate: xml heap under-read

* bsc#1241453 * bsc#1241551 Cross-References: * CVE-2025-32414 . # Security update for libxml2 Announcement ID: SUSE-SU-2025:20364-1 Release Date: 2025-05-28T09:00:31Z Rating: moderate References: * bsc#1241453 * bsc#1241551 Cross-References: * CVE-2025-32414 * CVE-2025-32415 CVSS scores: * CVE-2025-32414 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L * CVE-2025-32414 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-32414 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32414 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L * CVE-2025-32415 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32415 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-32415 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves two vulnerabilities can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551). * CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents (bsc#1241453). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-126=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libxml2-2-debuginfo-2.11.6-slfo.1.1_3.1 * libxml2-2-2.11.6-slfo.1.1_3.1 * libxml2-debugsource-2.11.6-slfo.1.1_3.1 * libxml2-tools-debuginfo-2.11.6-slfo.1.1_3.1 * libxml2-tools-2.11.6-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-32414.html * https://www.suse.com/security/cve/CVE-2025-32415.html * https://bugzilla.suse.com/show_bug.cgi?id=1241453 * https://bugzilla.suse.com/show_bug.cgi?id=1241551 . This patch resolves libxml2 security issues in SUSE Linux Micro 6.1, featuring essential corrections for XML processing.. libxml2 vulnerabilities, SUSE security updates, buffer under-read fixes, XML parser security. . LinuxSecurity.com Team

Calendar%202 Jun 02, 2025 SuSE
172

Ubuntu 24.10: USN-7199-1 critical: libxmltok denial of service

Several security issues were fixed in libxmltok.. ========================================================================== Ubuntu Security Notice USN-7199-1 January 13, 2025 libxmltok vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in libxmltok. Software Description: - libxmltok: XML Parser Toolkit, runtime libraries Details: It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2019-15903) It was discovered that Expat, contained within the xmltok library, incorrectly handled XML data containing a large number of colons, which could lead to excessive resource consumption. If a user or application were tricked into opening a crafted XML file, an attacker could possibly use this issue to cause a denial of service. (CVE-2018-20843) It was discovered that Expat, contained within the xmltok library, incorrectly handled certain input, which could lead to an integer overflow. If a user or application were tricked into opening a crafted XML file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libxmltok1t64 1.2-4.1ubuntu3.1 Ubuntu 24.04 LTS libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS libxmltok1 1.2-4ubuntu0.22.04.1~esm4 Available with Ubuntu Pro Ubuntu 20.04 LTS libxmltok1 1.2-4ubuntu0.20.04.1~esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS libxmltok1 1.2-4ubuntu0.18.04.1~esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7199-1 CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 Package Information: https://launchpad.net/ubuntu/+source/libxmltok/1.2-4.1ubuntu3.1 . Recent assessments show security vulnerabilities in libxmltok affecting Ubuntu releases. Users should upgrade to patched versions to enhance security and stability. libxmltok vulnerabilities, Ubuntu security updates, XML data exploit. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 13, 2025 Critical Ubuntu
89

Fedora 40 mingw-expat: 2024-cdde5c873d critical: DoS via XML_ResumeParser

Update to 2.6.4. Backport fix for CVE-2024-50602.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-cdde5c873d 2024-11-19 01:21:30.375425 -------------------------------------------------------------------------------- Name : mingw-expat Product : Fedora 40 Version : 2.6.4 Release : 1.fc40 URL : http://www.libexpat.org/ Summary : MinGW Windows port of expat XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Update to 2.6.4. Backport fix for CVE-2024-50602. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 9 2024 Sandro Mani - 2.6.4-1 - Update to 2.6.4 * Tue Nov 5 2024 Sandro Mani - 2.6.3-2 - Backport patch for CVE-2024-50602 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2322195 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2322195 [ 2 ] Bug #2322230 - CVE-2024-50602 mingw-expat: DoS via XML_ResumeParser [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2322230 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-cdde5c873d' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora's mingw-libxml2 has been upgraded to 2.9.10, incorporating a crucial patch that resolves a severe security vulnerability for enhanced reliability.. mingw-expat, Fedora 40, update, security advisory, XML parser. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 19, 2024 Critical Fedora
89

Fedora 41: 2024-c5d55d5845 Critical: mingw-expat Parsing Issues

Update to expat-2.6.3.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-c5d55d5845 2024-09-13 20:43:08.472730 -------------------------------------------------------------------------------- Name : mingw-expat Product : Fedora 41 Version : 2.6.3 Release : 1.fc41 URL : http://www.libexpat.org/ Summary : MinGW Windows port of expat XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Update to expat-2.6.3. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 5 2024 Sandro Mani - 2.6.3-1 - Update to 2.6.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2308682 - CVE-2024-45490 mingw-expat: Negative Length Parsing Vulnerability in libexpat [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2308682 [ 2 ] Bug #2308684 - CVE-2024-45490 mingw-expat: Negative Length Parsing Vulnerability in libexpat [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2308684 [ 3 ] Bug #2310142 - CVE-2024-45491 mingw-expat: Integer Overflow or Wraparound [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2310142 [ 4 ] Bug #2310145 - CVE-2024-45491 mingw-expat: Integer Overflow or Wraparound [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2310145 [ 5 ] Bug #2310148 - CVE-2024-45492 mingw-expat: integer overflow [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2310148 [ 6 ] Bug #2310151 - CVE-2024-45492 mingw-expat: integer overflow [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2310151 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c5d55d5845' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Upgrade to mingw-expat version 2.6.3 addresses significant vulnerabilities for improved safety in Fedora environments.. mingw-expat, Fedora security, expat XML parser, integer overflow, negative length issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 13, 2024 Critical Fedora
100

SUSE: 2024:1657-1 Moderate Security Advisory for Python3 XML Parser

* bsc#1219559 Cross-References: * CVE-2023-52425 . # Security update for python3 Announcement ID: SUSE-SU-2024:1657-1 Rating: moderate References: * bsc#1219559 Cross-References: * CVE-2023-52425 CVSS scores: * CVE-2023-52425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-52425 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * Web and Scripting Module 12 An update that solves one vulnerability can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2023-52425: Fixed etree XMLPullParser tests for Expat > =2.6.0 with reparse deferral (bsc#1219559). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2024-1657=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-1657=1 * SUSE Linux EnterpriseHigh Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1657=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1657=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1657=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * python3-base-3.4.10-25.127.1 * python3-base-debugsource-3.4.10-25.127.1 * python3-debuginfo-3.4.10-25.127.1 * python3-base-debuginfo-3.4.10-25.127.1 * libpython3_4m1_0-3.4.10-25.127.1 * python3-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-3.4.10-25.127.1 * python3-curses-3.4.10-25.127.1 * python3-debugsource-3.4.10-25.127.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * python3-dbm-debuginfo-3.4.10-25.127.1 * python3-base-debugsource-3.4.10-25.127.1 * python3-debuginfo-3.4.10-25.127.1 * python3-base-debuginfo-3.4.10-25.127.1 * python3-devel-3.4.10-25.127.1 * python3-debugsource-3.4.10-25.127.1 * python3-dbm-3.4.10-25.127.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.127.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python3-base-3.4.10-25.127.1 * python3-base-debugsource-3.4.10-25.127.1 * python3-curses-debuginfo-3.4.10-25.127.1 * python3-tk-3.4.10-25.127.1 * python3-debuginfo-3.4.10-25.127.1 * python3-base-debuginfo-3.4.10-25.127.1 * python3-devel-3.4.10-25.127.1 * python3-tk-debuginfo-3.4.10-25.127.1 * libpython3_4m1_0-3.4.10-25.127.1 * python3-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-3.4.10-25.127.1 * python3-curses-3.4.10-25.127.1 * python3-debugsource-3.4.10-25.127.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * python3-base-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-32bit-3.4.10-25.127.1 * python3-devel-debuginfo-3.4.10-25.127.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python3-base-3.4.10-25.127.1 * python3-base-debugsource-3.4.10-25.127.1 * python3-curses-debuginfo-3.4.10-25.127.1 * python3-tk-3.4.10-25.127.1 * python3-debuginfo-3.4.10-25.127.1 * python3-base-debuginfo-3.4.10-25.127.1 * python3-devel-3.4.10-25.127.1 * python3-tk-debuginfo-3.4.10-25.127.1 * libpython3_4m1_0-3.4.10-25.127.1 * python3-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-3.4.10-25.127.1 * python3-curses-3.4.10-25.127.1 * python3-debugsource-3.4.10-25.127.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.127.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * python3-base-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-32bit-3.4.10-25.127.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python3-base-3.4.10-25.127.1 * python3-base-debugsource-3.4.10-25.127.1 * python3-curses-debuginfo-3.4.10-25.127.1 * python3-tk-3.4.10-25.127.1 * python3-debuginfo-3.4.10-25.127.1 * python3-base-debuginfo-3.4.10-25.127.1 * python3-devel-3.4.10-25.127.1 * python3-devel-debuginfo-3.4.10-25.127.1 * python3-tk-debuginfo-3.4.10-25.127.1 * libpython3_4m1_0-3.4.10-25.127.1 * python3-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-3.4.10-25.127.1 * python3-curses-3.4.10-25.127.1 * python3-debugsource-3.4.10-25.127.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * python3-base-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.127.1 * libpython3_4m1_0-32bit-3.4.10-25.127.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52425.html * https://bugzilla.suse.com/show_bug.cgi?id=1219559 . SUSE Security Notice: Refresh for python3 totackle moderate risks and enhance protection.. SUSE Security Advisory, Python3 Update, IT Security Updates. . LinuxSecurity.com Team

Calendar%202 May 15, 2024 SuSE
89

Fedora 40 mingw-expat Update: Critical Fix for CVE-2024-28757 Here

Update to 2.6.1, backport fix for CVE-2024-28757.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-afb73e6f62 2024-03-23 00:20:56.400435 -------------------------------------------------------------------------------- Name : mingw-expat Product : Fedora 40 Version : 2.6.1 Release : 1.fc40 URL : http://www.libexpat.org/ Summary : MinGW Windows port of expat XML parser library Description : This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. -------------------------------------------------------------------------------- Update Information: Update to 2.6.1, backport fix for CVE-2024-28757. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Sandro Mani - 2.6.1-1 - Update to 2.6.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268768 - TRIAGE CVE-2024-28757 mingw-expat: libexpat: XML Entity Expansion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268768 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-afb73e6f62' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The Fedora 38 release for mingw-libxml2 resolves CVE-2024-28789 by implementing a backported solution to improve XML parsing integrity.. Fedora Security,Mingw Expat Update,Critical Security Advisory,XML Parser Fix,Open Source Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 23, 2024 Critical Fedora
197

Debian 10 Buster: DLA-3704-1 Moderate: Xerces-C Integer Overflow

Even Rouault discovered that xerces-c, a validating XML parser library for C++, was vulnerable to integer overflow via crafted .xsd files, which can lead to out-of-bounds access. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3704-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : xerces-c Version : 3.2.2+debian-1+deb10u2 CVE ID : CVE-2018-1311 CVE-2023-37536 Debian Bug : 947431 Even Rouault discovered that xerces-c, a validating XML parser library for C++, was vulnerable to integer overflow via crafted .xsd files, which can lead to out-of-bounds access. In addition, this version replaces RedHat's patch for CVE-2018-1311 (which contained a memory leak) with the upstream fix from v3.2.5. For Debian 10 buster, these problems have been fixed in version 3.2.2+debian-1+deb10u2. We recommend that you upgrade your xerces-c packages. For the detailed security status of xerces-c please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/xerces-c Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Strengthen xerces-c to tackle integer overflow from crafted .xsd files, preventing out-of-bounds access.. Xerces-C Security Update, Debian Security Advisory, Integer Overflow Fix, XML Parser Vulnerability. . LinuxSecurity.com Team

Calendar%202 Dec 31, 2023 Debian LTS
89

Fedora 39: 2023-817ecc703f critical: xerces-c Remote Access Fix

Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-817ecc703f 2023-12-31 02:26:36.418718 -------------------------------------------------------------------------------- Name : xerces-c Product : Fedora 39 Version : 3.2.5 Release : 1.fc39 URL : https://xerces.apache.org/xerces-c/ Summary : Validating XML Parser Description : Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0 recommendation and associated standards: XML 1.0 (Third Edition), XML 1.1 (First Edition), DOM Level 1, 2, 3 Core, DOM Level 2.0 Traversal and Range, DOM Level 3.0 Load and Save, SAX 1.0 and SAX 2.0, Namespaces in XML, Namespaces in XML 1.1, XML Schema, XML Inclusions). -------------------------------------------------------------------------------- Update Information: Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536 -------------------------------------------------------------------------------- ChangeLog: * Fri Dec 22 2023 Kalev Lember - 3.2.5-1 - Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1788472 - CVE-2018-1311 xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs https://bugzilla.redhat.com/show_bug.cgi?id=1788472 [ 2 ] Bug #2243426 - CVE-2023-37536 xerces-c: An integer overflow issue that allows remote attackers to cause out-of-bound access via HTTP request https://bugzilla.redhat.com/show_bug.cgi?id=2243426 -------------------------------------------------------------------------------- This update canbe installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-817ecc703f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 39 launch brings critical enhancements for libxml2, focused on improving security and efficiency of XML processing.. Xerces C,Fedora Security,XML Parser Updates,Remote Access Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 31, 2023 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200