Release date:
2025-03-06 18:37:24 UTC
Description:
* SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext
  - debian/patches/CVE-2024-34459.patch: Fix buffer overread with
    `xmllint --htmlout` by adding a missing bounds check
  - CVE-2024-34459
* SECURITY UPDATE: use-after-free vulnerability in xinclude.c
  - debian/patches/CVE-2022-49043.patch: Fix use-after-free in
    xmlXIncludeAddNode, free URI after reporting the error to avoid
    use-after-free
  - CVE-2022-49043
* SECURITY UPDATE: stack-based buffer overflow in xmlSnprintfElements in
  valid.c
  - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
    xmlSnprintfElements caused by improperly calculating qname length
  - CVE-2025-24928
* SECURITY UPDATE: NULL pointer dereference in xmlPatMatch in pattern.c
  - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit child
    axis to generate XML_OP_ELEM like the case without an axis
  - CVE-2025-27113
* SECURITY UPDATE: use-after-free vulnerability in XML schema processing
  - debian/patches/CVE-2024-56171.patch: Fix use-after-free after
    xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and
    xmlSchemaBubbleIDCNodeTables
  - CVE-2024-56171
Updated packages:
- libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8_amd64.deb
  sha:4f2deffd9e950fbb513c62ab0b6ae7752bd39f1c
- libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8_amd64.deb
  sha:17618ab020c27af4cc298d36acd7b80a8c8f1deb
- libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8_all.deb
  sha:d34c631dffd20b6caf5f0e24ada6c5156ffa4aa8
- libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8_amd64.deb
  sha:ce0ee694593e228f485ec35138b21009c3190f28
- python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els8_amd64.deb
  sha:19360b39fd8bce486cac91c59f403e8617921957
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.