Fedora has issued an advisory today (May 7): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/ The issue is fixed upstream in 2.9.14.
CC: (none) => nicolas.salgueroStatus comment: (none) => Fixed upstream in 2.9.14
Suggested advisory: ======================== The updated packages fix a security vulnerability: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. (CVE-2022-29824) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/ ======================== Updated packages in core/updates_testing: ======================== lib(64)xml2_2-2.9.10-7.4.mga8 lib(64)xml2-devel-2.9.10-7.4.mga8 libxml2-python3-2.9.10-7.4.mga8 libxml2-utils-2.9.10-7.4.mga8 from SRPM: libxml2-2.9.10-7.4.mga8.src.rpm
CVE: (none) => CVE-2022-29824Assignee: bugsquad => qa-bugsStatus comment: Fixed upstream in 2.9.14 => (none)Status: NEW => ASSIGNED
mga8, x64 Before updating: $ urpmq --whatrequires lib64xml2_2 | sort -u | wc -l 470 Ran the simple tests from earlier bugs on this package (30094, 29039, 28902). They worked. Installed chromium-browser and checked an XML tutorial site. Updated the four packages: $ python testxml.py Tested OK xmllint --auto <?xml version="1.0"?> <info>abc</info> $ xmlcatalog --create <?xml version="1.0"?> <!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"> <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"/> No regressions there. $ strace -o chromium.trace chromium-browser Previous session restored. Looked at the XML tutorial site and browsed a bit. $ grep xml2 chromium.trace openat(AT_FDCWD, "/lib64/libxml2.so.2", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/usr/lib64/libxml2.so.2.9.10", O_RDONLY|O_CLOEXEC) = 95 Looks like libxml2 is working as designed.
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0177.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED