Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Gentoo Linux Security Advisory 202402-11[6]
- Authored by Gentoo[7] | Site security.gentoo.org[8]
-
Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.
- systems | linux[9], gentoo[10]
- advisories | CVE-2023-28484[11], CVE-2023-29469[12], CVE-2023-45322[13], CVE-2024-25062[14]
- SHA-256 |
ec389e9cd73d613a43c9949652fe1e63bd3df4b903e63661926fccc3941548fd
- Download[15] | Favorite[16] | View[17]
Change Mirror[18] Download[19]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202402-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Multiple Vulnerabilities
Date: February 09, 2024
Bugs: #904202, #905399, #915351, #923806
ID: 202402-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple denial of service vulnerabilities have been found in libxml2.
Background
==========
libxml2 is the XML C parser and toolkit developed for the GNOME project.
Affected packages
=================
Package Vulnerable Unaffected
---------------- ------------ ------------
dev-libs/libxml2 < 2.12.5 >= 2.12.5
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.12.5"
If you cannot update to libxml2-2.12 yet you can update to the latest
2.11 version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.11.7 =dev-libs/libxml2-2.11*"
References
==========
[ 1 ] CVE-2023-28484
https://nvd.nist.gov/vuln/detail/CVE-2023-28484
[ 2 ] CVE-2023-29469
https://nvd.nist.gov/vuln/detail/CVE-2023-29469
[ 3 ] CVE-2023-45322
https://nvd.nist.gov/vuln/detail/CVE-2023-45322
[ 4 ] CVE-2024-25062
https://nvd.nist.gov/vuln/detail/CVE-2024-25062
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-11
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed toCette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
File Tags
- ActiveX[25] (932)
- Advisory[26] (84,116)
- Arbitrary[27] (16,529)
- BBS[28] (2,859)
- Bypass[29] (1,811)
- CGI[30] (1,031)
- Code Execution[31] (7,539)
- Conference[32] (686)
- Cracker[33] (844)
- CSRF[34] (3,366)
- DoS[35] (24,273)
- Encryption[36] (2,380)
- Exploit[37] (52,508)
- File Inclusion[38] (4,242)
- File Upload[39] (982)
- Firewall[40] (822)
- Info Disclosure[41] (2,824)
- Intrusion Detection[42] (904)
- Java[43] (3,112)
- JavaScript[44] (884)
- Kernel[45] (6,915)
- Local[46] (14,635)
- Magazine[47] (586)
- Overflow[48] (12,966)
- Perl[49] (1,430)
- PHP[50] (5,170)
- Proof of Concept[51] (2,362)
- Protocol[52] (3,682)
- Python[53] (1,588)
- Remote[54] (31,220)
- Root[55] (3,612)
- Rootkit[56] (518)
- Ruby[57] (616)
- Scanner[58] (1,647)
- Security Tool[59] (7,957)
- Shell[60] (3,226)
- Shellcode[61] (1,216)
- Sniffer[62] (898)
- Spoof[63] (2,236)
- SQL Injection[64] (16,472)
- TCP[65] (2,420)
- Trojan[66] (688)
- UDP[67] (896)
- Virus[68] (668)
- Vulnerability[69] (32,388)
- Web[70] (9,823)
- Whitepaper[71] (3,764)
- x86[72] (966)
- XSS[73] (18,096)
- Other[74]
File Archives
- February 2024[75]
- January 2024[76]
- December 2023[77]
- November 2023[78]
- October 2023[79]
- September 2023[80]
- August 2023[81]
- July 2023[82]
- June 2023[83]
- May 2023[84]
- April 2023[85]
- March 2023[86]
- Older[87]
Systems
- AIX[88] (429)
- Apple[89] (2,060)
- BSD[90] (375)
- CentOS[91] (57)
- Cisco[92] (1,926)
- Debian[93] (6,962)
- Fedora[94] (1,693)
- FreeBSD[95] (1,246)
- Gentoo[96] (4,441)
- HPUX[97] (880)
- iOS[98] (369)
- iPhone[99] (108)
- IRIX[100] (220)
- Juniper[101] (69)
- Linux[102] (48,534)
- Mac OS X[103] (691)
- Mandriva[104] (3,105)
- NetBSD[105] (256)
- OpenBSD[106] (487)
- RedHat[107] (15,056)
- Slackware[108] (941)
- Solaris[109] (1,611)
- SUSE[110] (1,444)
- Ubuntu[111] (9,273)
- UNIX[112] (9,365)
- UnixWare[113] (187)
- Windows[114] (6,622)
- Other[115]
- Services
- Security Services[126]
- Hosting By
- Rokasec[127]
Read more https://packetstormsecurity.com/files/177072/glsa-202402-11.txt