RedHat has issued an advisory on May 2: https://lwn.net/Articles/972329/
Source RPM: (none) => libxml2-2.10.4-1.2.mga9.src.rpmCVE: (none) => CVE-2024-25062
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. (CVE-2024-25062) References: https://lwn.net/Articles/972329/ ======================== Updated packages in core/updates_testing: ======================== lib(64)xml2_2-2.10.4-1.3.mga9 lib(64)xml2-devel-2.10.4-1.3.mga9 libxml2-python3-2.10.4-1.3.mga9 libxml2-utils-2.10.4-1.3.mga9 from SRPM: libxml2-2.10.4-1.3.mga9.src.rpm
Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugs
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. Ref bug 32364 for testing, but I don't have a vlc channel list. $ xmllint --auto <?xml version="1.0"?> <info>abc</info> $ xmlcatalog --create <?xml version="1.0"?> <!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"> <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"/> Run chromium ald that works OK. Good to go AFAICS.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
CC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => tarazed25Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0172.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED