ALT-PU-2023-3289-1
Package libxml2 updated to version 2.10.4-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2023-03298
Уязвимость функции xmlSchemaFixupComplexType (xmlschemas.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-03302
Уязвимость функции xmlDictComputeFastKey (dict.c) библиотеки Libxml2, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2023-28484
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://security.netapp.com/advisory/ntap-20230601-0006/
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
Modified: 2025-02-05
CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20230601-0006/
- [debian-lts-announce] 20230430 [SECURITY] [DLA 3405-1] libxml2 security update
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510