UbuntuUpdates.org

Package "libxml2-dev"

Name: libxml2-dev

Description:

GNOME XML library - development files

Latest version: 2.9.14+dfsg-1.1ubuntu0.1
Release: lunar (23.04)
Level: updates
Repository: main
Head package: libxml2
Homepage: http://xmlsoft.org


Other versions of "libxml2-dev" in Lunar

Repository  Area  Version
base        main  2.9.14+dfsg-1.1build2
security    main  2.9.14+dfsg-1.1ubuntu0.1

Changelog

Version: 2.9.14+dfsg-1.1ubuntu0.1 2023-06-07 14:06:58 UTC

  libxml2 (2.9.14+dfsg-1.1ubuntu0.1) lunar-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2309.patch: reset nsNr in
      xmlCtxReset in parser.c (LP: #1996494).
    - CVE-2022-2309
  * SECURITY UPDATE: Null dereference
    - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in
      xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType
      when parsing (invalid) XML schemas in
      result/schemas/oss-fuzz-51295_0_0.err,
      test/schemas/oss-fuzz-51295_0.xml,
      test/schemas/oss-fuzz-51295_0.xsd,
      xmlschemas.c.
    - CVE-2023-28484
  * SECURITY UPDATE: Logic or memory errors and double frees
    - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in
      dict.c.
    - CVE-2023-29469

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Jun 2023 13:24:32 -0300

1996494 CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
CVE-2022-2309 NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libx
CVE-2023-28484 NULL dereference in xmlSchemaFixupComplexType
CVE-2023-29469 Hashing of empty dict strings isn't deterministic


