Release date:
2025-03-06 18:39:13 UTC
Description:
* SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext
  - debian/patches/CVE-2024-34459.patch: Fix buffer overread with
    `xmllint --htmlout` by adding a missing bounds check
  - CVE-2024-34459
* SECURITY UPDATE: use-after-free vulnerability in xinclude.c
  - debian/patches/CVE-2022-49043.patch: Fix use-after-free in
    xmlXIncludeAddNode, free URI after reporting the error to avoid
    use-after-free
  - CVE-2022-49043
* SECURITY UPDATE: stack-based buffer overflow in xmlSnprintfElements in
  valid.c
  - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
    xmlSnprintfElements caused by improperly calculating qname length
  - CVE-2025-24928
* SECURITY UPDATE: NULL pointer dereference in xmlPatMatch in pattern.c
  - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit child
    axis to generate XML_OP_ELEM like the case without an axis
  - CVE-2025-27113
* SECURITY UPDATE: use-after-free vulnerability in XML schema processing
  - debian/patches/CVE-2024-56171.patch: Fix use-after-free after
    xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and
    xmlSchemaBubbleIDCNodeTables
  - CVE-2024-56171
Updated packages:
- libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_amd64.deb
  sha:99e4a0887a96148fff35102f63ae0935c2073d28
- libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_amd64.deb
  sha:d69560f3cae050a1b974005d8be54215e0e92b9d
- libxml2-doc_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_all.deb
  sha:ea917750444e303b2739a7452961b336a36cfc30
- libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_amd64.deb
  sha:9802630af14cc345cc69e3835e0e61d1f328eee3
- python-libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_amd64.deb
  sha:24318b88c2e4757ef9b04dbc1bc27c10fa5f9387
- python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2_amd64.deb
  sha:49ed972a6fb16428ff0180e9e3a492f129708ae5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.