[CLSA-2022:1670518262] Fix CVE(s): CVE-2022-40303, CVE-2022-40304
Type: security
Severity: Important
Release date: 2022-12-08 16:51:02 UTC
Description:
* SECURITY UPDATE: Integer overflows with XML_PARSE_HUGE
  - debian/patches/CVE-2022-40303.patch: Impose size limits when XML_PARSE_HUGE is set and add length checks to core parser functions
  - CVE-2022-40303
* SECURITY UPDATE: Dict corruption caused by entity reference cycles
  - debian/patches/CVE-2022-40304.patch: Stop storing entity content, orig, ExternalID and SystemID in a dict since these values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place
  - CVE-2022-40304
Updated packages:
  • libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
    sha:88b767edc0aa8d5a9cdfd77e20b07589e37d18a7
  • libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
    sha:2e676f39d6a646f2734c38fdf2f0ceab0f7b8be3
  • libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_all.deb
    sha:07e5d57508e66610959dd307e482c889d472f3cc
  • libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
    sha:e08697ff4c425559ae7745b3450683329d3b8b0d
  • python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
    sha:314c1509a8e2e2ae033ae527e02a59a6d19b5906
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.