UbuntuUpdates.org

Package "libxml2"

Name: libxml2

Description:

GNOME XML library

Latest version: 2.9.4+dfsg1-6.1ubuntu1.6
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://xmlsoft.org

Links


Download "libxml2"


Other versions of "libxml2" in Bionic

Repository Area Version
base main 2.9.4+dfsg1-6.1ubuntu1
updates main 2.9.4+dfsg1-6.1ubuntu1.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.9.4+dfsg1-6.1ubuntu1.6 2022-05-16 19:06:23 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2022-29824.patch: Fix integer overflows in
      xmlBuf and xmlBuffer in tree.c, buf.c.
    - CVE-2022-29824

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 10 May 2022 11:18:33 -0300

Source diff to previous version
CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can re

Version: 2.9.4+dfsg1-6.1ubuntu1.5 2022-03-14 12:06:22 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free of ID and IDREF attributes
    - debian/patches/CVE-2022-23308.patch: normalize ID attributes in
      valid.c.
    - CVE-2022-23308

 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 13:00:02 -0500

Source diff to previous version
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Version: 2.9.4+dfsg1-6.1ubuntu1.4 2021-06-17 16:06:21 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.4) bionic-security; urgency=medium

  * debian/patches/fix-error-handler-bug.patch: Add extra missing commit to
    previous CVE-2017-8872 fix, halt immediately when the error handler
    attempts to stop the parser.
  * SECURITY UPDATE: memory leak
    - debian/patches/CVE-2019-20388.patch: Memory leak in
      xmlSchemaValidateStream function in xmlschemas.c.
    - CVE-2019-20388
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
      sequences don't cause an out-of-bounds array access in xmllint.
    - CVE-2020-24977
  * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
      that names aren't stored in dictionaries.
    - CVE-2021-3516
  * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
      UTF-8 format, supplementing CVE-2020-24977 fix.
    - CVE-2021-3517
  * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
    - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
      list approach to avoid descending into other node types that can't
      contain elements.
    - CVE-2021-3518
  * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
    - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
      to xmlParseElementChildrenContentDeclPriv and return immediately in case
      of errors.
    - CVE-2021-3537

 -- Avital Ostromich <email address hidden> Thu, 22 Apr 2021 19:26:37 -0400

Source diff to previous version
CVE-2017-8872 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information di
CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2020-24977 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixe
CVE-2021-3516 There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trig
CVE-2021-3517 There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be
CVE-2021-3518 There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with l
CVE-2021-3537 A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL der

Version: 2.9.4+dfsg1-6.1ubuntu1.3 2020-02-10 14:06:30 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Memory leak
    - debian/patches/CVE-2019-19956.patch: fix memory leak in
      xmlParseBalancedChunkMemoryRecover checking if doc is NULL in parser.c.
    - CVE-2019-19956
  * SECURITY UPDATE: Denial of service though an infinite loop
    - debian/patches/CVE-2020-7595.patch: fix infinite loop in
      xmlStringLenDecodeEntities adding checks to ctxt->instate if
      it is == XML_PARSER_EOF in parser.c.
    - CVE-2020-7595

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Feb 2020 14:08:34 -0300

Source diff to previous version
CVE-2019-19956 xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Version: 2.9.4+dfsg1-6.1ubuntu1.2 2018-08-14 20:06:33 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: XXE attacks
    - debian/patches/CVE-2016-9318.patch: fix in parser.c.
    - CVE-2016-9318
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-18258.patch: fix in xzlib.c.
    - CVE-2017-18258
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14404.patch: fix in xpath.c.
    - CVE-2018-14404
  * SECURITY UPDATE: Infinite loop in LZMA decompression
    - debian/patches/CVE-2018-14567.patch: fix in xzlib.c.
    - CVE-2018-14567
  * SECURITY UPDATE: Infinite recursion/Denial of service
    - debian/patches/CVE-2017-16932.patch: fix in parser.c and
      add some error check files result/errors/759579.xml,
      result/errors/759579.xml.err, result/errors/759579.xml.str,
      test/errors/759579.xml.
    - CVE-2017-16932

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Aug 2018 15:30:23 -0300

CVE-2016-9318 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current docume
CVE-2017-18258 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA
CVE-2018-14404 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath e
CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.



About   -   Send Feedback to @ubuntu_updates