Wednesday, January 29, 2025

[USN-7240-1] libxml2 vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeahzkFAwAAAAAACgkQZWnYVadEvpO8
6w/+M9ADfhuVR12b+tmYqa2ARwB1CpJW7DtegvvEITu+e3VdxhM88A4AsQvnRva9xU/Kpwvtm8Pg
/HoCzMjUp8gnLwWAXqHyCqWITKYEwvbFw5TyjrgqkFS6zwKCkBNpWbjF+e/rcr3yl4wKrOT6d9gG
NwKrJnoIHmHcXOUj0t8D9Ju9TV6Z3X8MSO3bNsuwc/EySGRXZfx7b4+x5K6eQKrNI0S86/H0U4+5
3VrpmR3aWi/LCQllxwiOInZHBzhtXQ6e63C6xdgzMvC1eW2VvuoXJYaU8vTGLXYPkeIduQh/UYWD
6BlnYPcfauTz+4qnjfu0Ld8irYgZnupkI3PMDjFLiMYy3nGDRsyAdD/4+WsS7vDXiI5N1e7TCGHO
KMzAjvky2uxDpfPUTMdjUR/DMzHaGSe763RHzgLznt0Uz7UpP1R6oWlrEfi5sFvXoqTdPiQ8xQDZ
b+aaxA6vUqfPchB5DCAlTHs7rfETUEL/IjKDlbCaZ8V9FqEBas3zjm/14YD9ry+hXY4WwluXBkWX
kwUPF6lNC2UtB5hYoUYatJ6L6F8tZwlu2kMVDx23rUKdC3hr3OznR3MSCKWZZ5xlVQlv7bQ29+8Y
daXBHkbVzMssTFqPsXTwBACxKqiv+8LOQhmaA3Ve5pSpWGlb46wi47/MLqg3XQKJffuqGZM+AiB5
7lU=
=dpJt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7240-1
January 29, 2025

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could use this issue to cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-49043)

It was discovered that the libxml2 xmllint tool incorrectly handled
certain memory operations. If a user or automated system were tricked into
running xmllint on a specially crafted xml file, a remote attacker could
cause xmllint to crash, resulting in a denial of service. (CVE-2024-34459)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libxml2 2.9.14+dfsg-1.3ubuntu3.1

Ubuntu 22.04 LTS
libxml2 2.9.13+dfsg-1ubuntu0.5

Ubuntu 20.04 LTS
libxml2 2.9.10+dfsg-5ubuntu0.20.04.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7240-1
CVE-2022-49043, CVE-2024-34459

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.1
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.5
https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.8

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)