214 matches found
MGASA-2025-0034 Updated libxml2 packages fix security vulnerability
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043...
SUSE-SU-2025:0341-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. bsc1236460...
SUSE-SU-2025:0300-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. bsc1236460...
Fedora 40 : libxml2 (2024-9f3765a04b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9f3765a04b advisory. Update to 2.12.9 Fixes CVE-2024-40896 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...
RHSA-2024:3625 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
[SECURITY] [DLA 3878-1] libxml2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3878-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 05, 2024 https://wiki.debian.org/LTS -...
OPENSUSE-SU-2024:13192-1 libxml2-2-2.10.4-3.1 on GA media
These are all security issues fixed in the libxml2-2-2.10.4-3.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2024:0556-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader bsc1219576...
MGASA-2024-0172 Updated libxml2 packages fix a security vulnerability
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. CVE-2024-25062...
SUSE-SU-2023:4537-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode in tree.c bsc1216129...
MGASA-2023-0298 Updated libxml2 packages fix a security vulnerability
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. CVE-2023-45322...
SUSE-SU-2023:3666-2 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow bsc1214768...
MGASA-2023-0279 Updated libxml2 packages fix a security vulnerability
The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615...
SUSE-SU-2023:3699-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow bsc1214768...
SUSE-SU-2023:3666-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow bsc1214768...
MGASA-2023-0157 Updated libxml2 packages fix security vulnerability
NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...
[SECURITY] [DLA 3405-1] libxml2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3405-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2023 https://wiki.debian.org/LTS -...
SUSE-SU-2023:2054-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411...
SUSE-SU-2023:2048-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411. - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write ...
CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...