Univention Bugzilla – Bug 52117
(ES 4.3) libxml2
Last modified: 2020-11-30 12:23:54 CET
Provide libxml2 version 2.9.4+dfsg1-2.2+deb9u3 for UCS 4.3

First imported at bug #52004

This update addresses the following issues:
* Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
* denial of service in xz_head function in xzlib.c (CVE-2017-18258)
* NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service (CVE-2018-14404)
* Infinite loop when --with-lzma is used allows for denial of service via crafted XML file (CVE-2018-14567)
* memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
* memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
* infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)
* GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). (CVE-2020-24977)

libxml2:
  Installiert: 2.9.4+dfsg1-2.2+deb9u3
  Installationskandidat: 2.9.4+dfsg1-2.2+deb9u3
  Versionstabelle:
 *** 2.9.4+dfsg1-2.2+deb9u3 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

CLOSED: Released as extsec4.3 update