1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202210-03 ] libxml2: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Sun Oct 16 17:00:01 2022
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202210-03
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: libxml2: Multiple Vulnerabilities
    Date: October 16, 2022
    Bugs: #833809, #842261, #865727
    ID: 202210-03

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in libxml2, the worst of
    which could result in arbitrary code execution.

    Background
    ==========

    libxml2 is the XML C parser and toolkit developed for the GNOME project.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 dev-libs/libxml2 < 2.10.2 >= 2.10.2

    Description
    ===========

    Multiple vulnerabilities have been discovered in libxml2. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All libxml2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"

    References
    ==========

    [ 1 ] CVE-2022-23308
    https://nvd.nist.gov/vuln/detail/CVE-2022-23308
    [ 2 ] CVE-2022-29824
    https://nvd.nist.gov/vuln/detail/CVE-2022-29824

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202210-03

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2022 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmNMF9AACgkQFMQkOaVy +9mh1w//clg0k9nSrtSymZ7wojnBNgrDOPPL45rHPKAag38y+QxDBcNyUfQyjVNe 95BzM7ZYmlKvs7IxeFQK9rA5ATnrjmLj2pgObLdSHm4El3bvwJWKGAspaK2Izzvw ixu53RVSU+rBv1TbMzj8s5dXChvg8/Txsc5T2TsoaLbAACstWmZQK0vG1EkETh6h nk4hVSfrBhjUSqlgcGFrLXD81z6WPXWTbk15kGih9PfVxoMq1IXTrCTLtX62Fw75 SDUQPOzlsPEY2TiHcA+FuJNbay6dPD54ZZFnonnq41KbXho8nOcVaMwHer3pFPYB 6jSGGuK5dBIl9j4jEIlDDuIc81Y6MDjL2rPaCH8/EaAyv9FxR5/B4bpHMeDrKYel EJXZtXHNySu7ti6mbtexm9cVSkF5vsYlgVbQfJJB8AeZIjj8sfB2VtKb7Qy3F+rY Kk0nNgzUyVr8tmnWcimgDb2OkCoIdCpA2F8afMLp5atosnYmjxc98dq/Lg3711yL YGLNGFDmvhvfgsKHRHiWrhS+x/7yVMYE+FX/pfNDIVmnzE8VKCzktyF5XI4mmjXP ow8UH/G16ViS0Yb9ziePQW0xh29zUx7vn8al0pISJJ2cRNHPB4qUa+uXHZPsjsQ4 LhnjXcx5l3ioXBQgyZhZ7N4TJBBEwflTylwVBeGASs6XhNXMVco=
    =oMrG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)