| Summary: | libxml2 new security issue CVE-2024-34459 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | libxml2-2.10.4-1.3.mga9.src.rpm | CVE: | CVE-2024-34459 |
| Status comment: | | | |

Description
Nicolas Salguero
2024-05-24 08:51:20 CEST
Nicolas Salguero
2024-05-24 08:51:56 CEST
Source RPM:
(none) =>
libxml2-2.12.6-2.mga10.src.rpm

Assigning to you, David, because you have version updated this often.

Assignee:
bugsquad =>
geiger.david68210

SUSE has issued an advisory on May 29: https://lwn.net/Articles/975720/

The problem is already fixed in Cauldron (fixed in version 2.12.5).

The following commit also solves the issue (for Mga9): https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7

CVE:
CVE-2024-34459 =>
CVE-2024-34459, CVE-2024-25062
Nicolas Salguero
2024-05-29 15:27:10 CEST
Status comment:
Fixed upstream in 2.12.7 and patch available from upstream =>
Fixed upstream in 2.12.7 and patches available from upstream

CVE-2024-25062 was already fixed in bug 33184

Summary:
libxml2 new security issues CVE-2024-34459 and CVE-2024-25062 =>
libxml2 new security issue CVE-2024-34459

Suggested advisory:

========================

The updated packages fix a security vulnerability:

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. (CVE-2024-34459)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

========================

Updated packages in core/updates_testing:

========================

lib(64)xml2_2-2.10.4-1.4.mga9
lib(64)xml2-devel-2.10.4-1.4.mga9
libxml2-python3-2.10.4-1.4.mga9
libxml2-utils-2.10.4-1.4.mga9

from SRPM:
libxml2-2.10.4-1.4.mga9.src.rpm

Source RPM:
libxml2-2.12.6-2.mga10.src.rpm =>
libxml2-2.10.4-1.3.mga9.src.rpm

RH mageia 9 x86_64

Download the test file in https://gitlab.gnome.org/GNOME/libxml2/-/issues/720

```
xmllint --htmlout ~/Descargas/bug_trigger
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><title>xmllint output</title></head>
<body bgcolor="#ffffff"><h1 align="center">xmllint output</h1>
encoding error : input conversion failed due to input error, bytes 0x00 0x10 0x65 0x3E
encoding error : input conversion failed due to input error, bytes 0x00 0x10 0x65 0x3E
I/O error : encoder error
<p>/home/katnatek/Descargas/bug_trigger:2: <b>error</b>: parsing XML declaration: '?>' expected
</p>
<pre>
<author>John Doe< <ti
^
</pre><p>/home/katnatek/Descargas/bug_trigger:2: <b>error</b>: Start tag expected, '<' not found
</p>
<pre>
<author>John Doe< <ti
^
</pre></body></html>
```

```
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing lib64xml2_2-2.10.4-1.4.mga9.x86_64.rpm libxml2-utils-2.10.4-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/2: lib64xml2_2 ##################################################################################################
2/2: libxml2-utils ##################################################################################################
1/2: removing libxml2-utils-2.10.4-1.3.mga9.x86_64 ##################################################################################################
2/2: removing lib64xml2_2-2.10.4-1.3.mga9.x86_64 ##################################################################################################
```

After the update the output of the command is the same look as once again the file just happen running with address sanitizer

Run strace chromium-browser show the library is open

```
openat(AT_FDCWD, "/lib64/libxml2.so.2", O_RDONLY|O_CLOEXEC) = 3
```

chromium-browser keep working
katnatek
2024-05-30 20:20:46 CEST
Keywords:
(none) =>
advisory

MGA9-64 Plasma Wayland on HP-Pavilion

No installation issues.

Followed procedure shown in the wiki page:

```
$ python testxml.py
Tested OK
$ xmllint --auto
<?xml version="1.0"?>
<info>abc</info>
$ xmlcatalog --create
<?xml version="1.0"?>
<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"/>
```

Run chromium-browser OK, so good to go

Whiteboard:
(none) =>
MGA9-64-OK
katnatek
2024-06-03 18:50:04 CEST
CC:
(none) =>
andrewsfarm

Thank you, Gentlemen. Validating.

CC:
(none) =>
sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0211.html

Resolution:
(none) =>
FIXED
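
The QA comment above reports that the reproducer's output looks the same before and after the update, so the installed package release is the practical way to confirm the fix on a host. The following is an added example, not part of the bug report or of Mageia's tooling; the function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```bash
#!/usr/bin/env bash
# Added example: is a libxml2 build covered by the CVE-2024-34459 fix?

# version_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` orders these plain numeric strings the same
# way rpm would; it is not a full EVR comparison.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# upstream_affected VERSION: ranges quoted in the advisory text
# ("before 2.11.8 and 2.12.x before 2.12.7").
upstream_affected() {
    case "$1" in
        2.12.*) version_lt "$1" 2.12.7 ;;
        *)      version_lt "$1" 2.11.8 ;;
    esac
}

# mga9_fixed VERSION-RELEASE: Mageia 9 carries a backported patch, so the
# upstream version stays 2.10.4 and only the release field shows the fix.
MGA9_FIXED="2.10.4-1.4.mga9"
mga9_fixed() {
    ! version_lt "$1" "$MGA9_FIXED"
}

# check_host: report the state of the two packages installed in the QA run.
check_host() {
    local pkg vr
    for pkg in lib64xml2_2 libxml2-utils; do
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || continue
        if mga9_fixed "$vr"; then
            echo "$pkg $vr: fixed"
        else
            echo "$pkg $vr: needs update"
        fi
    done
}

# Constructed sample input: the two mga9 releases named in this report.
for vr in 2.10.4-1.3.mga9 2.10.4-1.4.mga9; do
    if mga9_fixed "$vr"; then echo "$vr: fixed"; else echo "$vr: needs update"; fi
done
```

`upstream_affected 2.10.4` still succeeds for the patched Mageia build, which is why a scanner that matches only the upstream version will keep flagging it; call `check_host` on a Mageia 9 system to compare the release field instead.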