UbuntuUpdates.org

Package "libyang2-dev"

Name: libyang2-dev

Description:

parser toolkit for IETF YANG data modeling - development files
Latest version: 2.1.30-2.1ubuntu0.1
Release: noble (24.04)
Level: security
Repository: main
Head package: libyang2
Homepage: https://github.com/CESNET/libyang/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libyang2-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libyang2-dev" in Noble

Repository Area Version
base main 2.1.30-2.1build1
updates main 2.1.30-2.1ubuntu0.1

Changelog

Version: 2.1.30-2.1ubuntu0.1 2025-09-16 19:07:06 UTC

  libyang2 (2.1.30-2.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: NULL pointer deref in lys_parse_mem
    - debian/patches/CVE-2023-26916.patch: schema compile UPDATE do not
      implement 2 same modules in src/schema_compile.c.
    - CVE-2023-26916
  * SECURITY UPDATE: NULL pointer deref in lysp_stmt_validate_value
    - debian/patches/CVE-2023-26917.patch: parser common BUGFIX handle
      missing YANG strings in src/parser_common.c.
    - CVE-2023-26917

 -- Marc Deslauriers <email address hidden> Fri, 12 Sep 2025 12:40:50 -0400
CVE-2023-26916 libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.
CVE-2023-26917 libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.


About   -   Send Feedback to @ubuntu_updates