[SSA:2023-343-01] libxml2
New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.
Here are the details from the Slackware 15.0 ChangeLog
patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz: Upgraded.
Add --sysconfdir=/etc option so that this can find the xml catalog.
Thanks to SpiderTux.
Fix the following security issues:
Fix integer overflows with XML_PARSE_HUGE.
Fix dict corruption caused by entity reference cycles.
Hashing of empty dict strings isn't deterministic.
Fix null deref in xmlSchemaFixupComplexType.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-40303
https://www.cve.org/CVERecord?id=CVE-2022-40304
https://www.cve.org/CVERecord?id=CVE-2023-29469
https://www.cve.org/CVERecord?id=CVE-2023-28484
(* Security fix *)
Where to find the new packages
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.12.2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.12.2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libxml2-2.12.2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libxml2-2.12.2-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libxml2-2.12.2-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libxml2-2.12.2-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.12.2-i586-2.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.12.2-x86_64-2.txz
MD5 signatures
Slackware 14.0 package:
781670f0524d4980ef7b48876fc07b35 libxml2-2.12.2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
6e5084f495e8401e097d49bec5d470d0 libxml2-2.12.2-x86_64-1_slack14.0.txz
Slackware 14.1 package:
1e3a912ba24a2ee014b239ed03302260 libxml2-2.12.2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
6e0bbf965cca0038a13f6f5faaac690d libxml2-2.12.2-x86_64-1_slack14.1.txz
Slackware 14.2 package:
7f11d69e862d4d42407bf9fbc8b134a8 libxml2-2.12.2-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
8f06b46fdf685dedd2d56400503e80b6 libxml2-2.12.2-x86_64-1_slack14.2.txz
Slackware 15.0 package:
936f1e6831a94df80e926e173505ad17 libxml2-2.12.2-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
5691184f8e0b89b5fb4344e9d4b4f732 libxml2-2.12.2-x86_64-1_slack15.0.txz
Slackware -current package:
bfa544daff81a3f89e44dd9f1f6b997e l/libxml2-2.12.2-i586-2.txz
Slackware x86_64 -current package:
e866ccd932b516f53cc5cf3c30e1c70a l/libxml2-2.12.2-x86_64-2.txz
Installation instructions
Upgrade the package as root:
# upgradepkg libxml2-2.12.2-i586-1_slack15.0.txz
- ID
- SSA:2023-343-01
- Severity
- high
- Severity from
- CVE-2022-40304
- URL
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.489213
- Published
-
2023-12-10T01:15:09
(9 months ago) - Modified
-
2023-12-10T01:15:09
(9 months ago) - Rights
- Slackware Linux Security Team
- Other Advisories
-
- ALAS-2023-1743
- ALAS2-2023-1996
- ALAS2-2023-2021
- ALPINE:CVE-2022-40303
- ALPINE:CVE-2022-40304
- ALPINE:CVE-2023-28484
- ALPINE:CVE-2023-29469
- ALSA-2023:0173
- ALSA-2023:0338
- ALSA-2023:4349
- ALSA-2023:4529
- DSA-5271-1
- DSA-5391-1
- ELSA-2023-0173
- ELSA-2023-0338
- ELSA-2023-4349
- ELSA-2023-4529
- FEDORA-2022-a6812b0224
- FEDORA-2022-aeafd24818
- FEDORA-2023-a521b917c8
- FEDORA-2023-dae7cc20ac
- FREEBSD:0BD7F07B-DC22-11ED-BF28-589CFC0F81B0
- FREEBSD:B09D77D0-B27C-48AE-B69B-9641BB68B39E
- GLSA-202210-39
- GLSA-202402-11
- MS:CVE-2022-40303
- RHSA-2023:0173
- RHSA-2023:0338
- RHSA-2023:4349
- RHSA-2023:4529
- RLSA-2023:0173
- RLSA-2023:0338
- RLSA-2023:4529
- RUBYSEC:NOKOGIRI-2QC6-MCVW-92CW
- RUBYSEC:NOKOGIRI-PXVG-2QJ5-37JQ
- SUSE-SU-2022:3692-1
- SUSE-SU-2022:3717-1
- SUSE-SU-2022:3871-1
- SUSE-SU-2023:2048-1
- SUSE-SU-2023:2053-1
- SUSE-SU-2023:2054-1
- SUSE-SU-2023:3665-1
- USN-5760-1
- USN-5760-2
- USN-6028-1
- USN-6028-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:slackbuild/slackware/libxml2?arch=x86_64&distro=slackware64-current | slackware | libxml2 | < 2.12.2 | slackware64-current | x86_64 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=x86_64&distro=slackware64-15.0 | slackware | libxml2 | < 2.12.2 | slackware64-15.0 | x86_64 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=x86_64&distro=slackware64-14.2 | slackware | libxml2 | < 2.12.2 | slackware64-14.2 | x86_64 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=x86_64&distro=slackware64-14.1 | slackware | libxml2 | < 2.12.2 | slackware64-14.1 | x86_64 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=x86_64&distro=slackware64-14.0 | slackware | libxml2 | < 2.12.2 | slackware64-14.0 | x86_64 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=i586&distro=slackware-current | slackware | libxml2 | < 2.12.2 | slackware-current | i586 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=i586&distro=slackware-15.0 | slackware | libxml2 | < 2.12.2 | slackware-15.0 | i586 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=i586&distro=slackware-14.2 | slackware | libxml2 | < 2.12.2 | slackware-14.2 | i586 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=i486&distro=slackware-14.1 | slackware | libxml2 | < 2.12.2 | slackware-14.1 | i486 | |
Affected | pkg:slackbuild/slackware/libxml2?arch=i486&distro=slackware-14.0 | slackware | libxml2 | < 2.12.2 | slackware-14.0 | i486 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |