| Summary: | libxml2 new security issue CVE-2024-25062 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs, tarazed25 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | libxml2-2.10.4-1.2.mga9.src.rpm | CVE: | CVE-2024-25062 |
| Status comment: | |||
Description
Nicolas Salguero
2024-05-06 09:43:11 CEST
Nicolas Salguero
2024-05-06 09:43:29 CEST
Source RPM: (none) => libxml2-2.10.4-1.2.mga9.src.rpm

Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. (CVE-2024-25062)

References:
https://lwn.net/Articles/972329/
========================

Updated packages in core/updates_testing:
========================
lib(64)xml2_2-2.10.4-1.3.mga9
lib(64)xml2-devel-2.10.4-1.3.mga9
libxml2-python3-2.10.4-1.3.mga9
libxml2-utils-2.10.4-1.3.mga9

from SRPM:
libxml2-2.10.4-1.3.mga9.src.rpm

Status: NEW => ASSIGNED

MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues.
Ref bug 32364 for testing, but I don't have a vlc channel list.

$ xmllint --auto
<?xml version="1.0"?>
<info>abc</info>

$ xmlcatalog --create
<?xml version="1.0"?>
<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"/>

Run chromium and that works OK.
Good to go AFAICS.

Whiteboard: (none) => MGA9-64-OK
katnatek
2024-05-07 03:22:31 CEST
CC: (none) => andrewsfarm

Validating.

Keywords: (none) => validated_update
Len Lawrence
2024-05-08 17:25:07 CEST
CC: (none) => tarazed25

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0172.html

Status: ASSIGNED => RESOLVED