AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

IBM SECURITY ADVISORY First Issued: Wed Feb 8 13:18:47 CST 2023 |Updated: Thu May 4 13:36:14 CDT 2023 |Update: Corrected the affected upper fileset levels for AIX 7.2 TL5 to | show that SP06 is affected. Corrected the affected upper fileset | levels for AIX 7.3 TL1 to show that SP02 is affected...

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2015-20107. GNOME libxml2 is used by IBM Robotic Process Automation as part of container base images,...

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1.p10.1

1:2.9.12-alt1.p10.1 built Feb. 2, 2023 Alexander Danilov in task 314068 Jan. 24, 2023 Alexander Danilov - Applied security fixes from upstream Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1271)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2023-1271)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed ...

USN-5760-1: libxml2 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. CVE-2022-2309 It was discovered that libxml2...

Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd

Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.7-x packageslibxml2, expat, libtasn1 and systemd that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remo...

AlmaLinux 9 : libxml2 (ALSA-2023:0338)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0338 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several intege...

Amazon Linux 2022 : python3-lxml (ALAS2022-2023-264)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-264 advisory. NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier ar...

libxml2 security update

2.9.13-3 - Fix CVE-2022-40303 2136564 - Fix CVE-2022-40304 2136569...

Oracle Linux 9 : libxml2 (ELSA-2023-0338)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0338 advisory. - Fix CVE-2022-40303 2136564 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RLSA-2023:0338 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

RHEL 9 : libxml2 (RHSA-2023:0338)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0338 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflo...

ALSA-2023:0338 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows with XMLPARSEHUGE CVE-2022-40303 libxml2: dict corruption caused by entity reference cycles CVE-2022-40304 For more details about the security issues,...

The vulnerability of the Libxml2 library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.

The vulnerability of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

Oracle Enterprise Manager Ops Center UCE Patches (Oct 2021 CPU)

The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTTP...