|
|
Subscribe / Log in / New account

Ubuntu alert USN-7240-1 (libxml2)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7240-1] libxml2 vulnerabilities


Date:
              Wed, 29 Jan 2025 14:53:29 -0500


Message-ID:
              <4d26e781-4f0e-4944-851c-031c362b7a6b@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7240-1
January 29, 2025

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could use this issue to cause libxml2 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-49043)

It was discovered that the libxml2 xmllint tool incorrectly handled
certain memory operations. If a user or automated system were tricked into
running xmllint on a specially crafted xml file, a remote attacker could
cause xmllint to crash, resulting in a denial of service. (CVE-2024-34459)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libxml2                         2.9.14+dfsg-1.3ubuntu3.1

Ubuntu 22.04 LTS
   libxml2                         2.9.13+dfsg-1ubuntu0.5

Ubuntu 20.04 LTS
   libxml2                         2.9.10+dfsg-5ubuntu0.20.04.8

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7240-1
   CVE-2022-49043, CVE-2024-34459

Package Information:
   https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-...
   https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-...
   https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeahzkFAwAAAAAACgkQZWnYVadEvpO8
6w/+M9ADfhuVR12b+tmYqa2ARwB1CpJW7DtegvvEITu+e3VdxhM88A4AsQvnRva9xU/Kpwvtm8Pg
/HoCzMjUp8gnLwWAXqHyCqWITKYEwvbFw5TyjrgqkFS6zwKCkBNpWbjF+e/rcr3yl4wKrOT6d9gG
NwKrJnoIHmHcXOUj0t8D9Ju9TV6Z3X8MSO3bNsuwc/EySGRXZfx7b4+x5K6eQKrNI0S86/H0U4+5
3VrpmR3aWi/LCQllxwiOInZHBzhtXQ6e63C6xdgzMvC1eW2VvuoXJYaU8vTGLXYPkeIduQh/UYWD
6BlnYPcfauTz+4qnjfu0Ld8irYgZnupkI3PMDjFLiMYy3nGDRsyAdD/4+WsS7vDXiI5N1e7TCGHO
KMzAjvky2uxDpfPUTMdjUR/DMzHaGSe763RHzgLznt0Uz7UpP1R6oWlrEfi5sFvXoqTdPiQ8xQDZ
b+aaxA6vUqfPchB5DCAlTHs7rfETUEL/IjKDlbCaZ8V9FqEBas3zjm/14YD9ry+hXY4WwluXBkWX
kwUPF6lNC2UtB5hYoUYatJ6L6F8tZwlu2kMVDx23rUKdC3hr3OznR3MSCKWZZ5xlVQlv7bQ29+8Y
daXBHkbVzMssTFqPsXTwBACxKqiv+8LOQhmaA3Ve5pSpWGlb46wi47/MLqg3XQKJffuqGZM+AiB5
7lU=
=dpJt
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds