Package "libxml2-utils"
Name: |
libxml2-utils
|
Description: |
XML utilities
|
Latest version: |
2.9.10+dfsg-5ubuntu0.20.04.7 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Head package: |
libxml2 |
Homepage: |
http://xmlsoft.org |
Links
Download "libxml2-utils"
Other versions of "libxml2-utils" in Focal
Changelog
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free of ID and IDREF attributes
- debian/patches/CVE-2022-23308.patch: normalize ID attributes in
valid.c.
- CVE-2022-23308
-- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 12:59:13 -0500
|
Source diff to previous version |
CVE-2022-23308 |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
|
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
sequences don't cause an out-of-bounds array access in xmllint.
- CVE-2020-24977
* SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
that names aren't stored in dictionaries.
- CVE-2021-3516
* SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
UTF-8 format, supplementing CVE-2020-24977 fix.
- CVE-2021-3517
* SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
- debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
list approach to avoid descending into other node types that can't
contain elements.
- CVE-2021-3518
* SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
- debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
to xmlParseElementChildrenContentDeclPriv and return immediately in case
of errors.
- CVE-2021-3537
* SECURITY UPDATE: Exponential entity expansion
- debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
xmlParserEntityCheck to prevent entity exponential.
- CVE-2021-3541
-- Avital Ostromich <email address hidden> Wed, 26 May 2021 19:51:20 -0400
|
CVE-2020-24977 |
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixe |
CVE-2021-3516 |
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trig |
CVE-2021-3517 |
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be |
CVE-2021-3518 |
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with l |
CVE-2021-3537 |
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL der |
|
About
-
Send Feedback to @ubuntu_updates