UbuntuUpdates.org

Package "python3-libxml2"

Name: python3-libxml2

Description:

GNOME XML library - Python3 bindings
Latest version: 2.9.14+dfsg-1.3ubuntu3.2
Release: noble (24.04)
Level: security
Repository: universe
Head package: libxml2
Homepage: http://xmlsoft.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-libxml2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "python3-libxml2" in Noble

Repository Area Version
base universe 2.9.14+dfsg-1.3ubuntu3
updates universe 2.9.14+dfsg-1.3ubuntu3.2

Changelog

Version: 2.9.14+dfsg-1.3ubuntu3.2 2025-02-25 22:07:09 UTC

  libxml2 (2.9.14+dfsg-1.3ubuntu3.2) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free
    - debian/patches/CVE-2024-56171.patch: Fix use-after-free after
      xmlSchemaItemListAdd.
    - CVE-2024-56171
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name
      in xmlSnprintfElements.
    - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
      xmlSnprintfElements.
    - CVE-2025-24928
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit
      child axis.
    - CVE-2025-27113

 -- Fabian Toepfer <email address hidden> Thu, 20 Feb 2025 13:28:43 +0100
Source diff to previous version
CVE-2024-56171 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c.
CVE-2025-24928 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation
CVE-2025-27113 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

Version: 2.9.14+dfsg-1.3ubuntu3.1 2025-01-29 20:07:02 UTC

  libxml2 (2.9.14+dfsg-1.3ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free in xmlXIncludeAddNode
    - debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.
    - CVE-2022-49043
  * SECURITY UPDATE: buffer overread in xmllint
    - debian/patches/CVE-2024-34459.patch: fix buffer issue when using
      htmlout option in xmllint.c.
    - CVE-2024-34459

 -- Marc Deslauriers <email address hidden> Tue, 28 Jan 2025 08:19:16 -0500
CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
CVE-2024-34459 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result


About   -   Send Feedback to @ubuntu_updates