Headline
RHSA-2022:5250: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-29824: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
概述
Moderate: libxml2 security update
类型/严重性
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
- libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (CVE-2022-29824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解决方案
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect.
受影响的产品
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
修复
- BZ - 2082158 - CVE-2022-29824 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
参考
- https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux for x86_64 9
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
x86_64
libxml2-2.9.13-1.el9_0.1.i686.rpm
SHA-256: b50e3cf1e20b0f91282dc866e4409e4012dcda8d21f9882b190862a53b0043d2
libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: c83ba95fa21dab71003dabe0ea92fa4cdea3dcb96f704d4f5edbf80ef17d01c9
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-devel-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 031f5aafcbbc0ddfc35d93141268431471b2d3d570daa11a8052ca8ddf19051b
libxml2-devel-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 9995ab30b650be76289b99fe30ccd3ab46b7fe23dcedf8501bf090102da5e3f5
python3-libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 0265e8d6e55db03105a0c41f085f64ef14e9ea55ecf6b045255e0fa04bcd8a3e
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
x86_64
libxml2-2.9.13-1.el9_0.1.i686.rpm
SHA-256: b50e3cf1e20b0f91282dc866e4409e4012dcda8d21f9882b190862a53b0043d2
libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: c83ba95fa21dab71003dabe0ea92fa4cdea3dcb96f704d4f5edbf80ef17d01c9
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-devel-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 031f5aafcbbc0ddfc35d93141268431471b2d3d570daa11a8052ca8ddf19051b
libxml2-devel-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 9995ab30b650be76289b99fe30ccd3ab46b7fe23dcedf8501bf090102da5e3f5
python3-libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 0265e8d6e55db03105a0c41f085f64ef14e9ea55ecf6b045255e0fa04bcd8a3e
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
s390x
libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 36cf4002d62841ef9bc65ce26a416d46111938546f36fadfad799639588654c1
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-devel-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: a92612a976826269f68402869fa02e95bf63eb946c4b4d2b2e97594c96e787b5
python3-libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 717b9beaa65dc7b0f4b41a9f823253bf804e60f9fad2d35b94467d4634f044ec
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
s390x
libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 36cf4002d62841ef9bc65ce26a416d46111938546f36fadfad799639588654c1
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-devel-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: a92612a976826269f68402869fa02e95bf63eb946c4b4d2b2e97594c96e787b5
python3-libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 717b9beaa65dc7b0f4b41a9f823253bf804e60f9fad2d35b94467d4634f044ec
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
ppc64le
libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b07740b2754d4b2aa5193e17722118ea88733de20e4cad6d3ebec2b23556226e
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-devel-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b14c8c520902cd50732c2d18ee8595a1dff5f56d7e124541128751dc389f26ab
python3-libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 5eccb4fbc8ffd181a9056ce296a6de874ca4f0aa1a720664c6ccedd96f605884
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
ppc64le
libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b07740b2754d4b2aa5193e17722118ea88733de20e4cad6d3ebec2b23556226e
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-devel-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b14c8c520902cd50732c2d18ee8595a1dff5f56d7e124541128751dc389f26ab
python3-libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 5eccb4fbc8ffd181a9056ce296a6de874ca4f0aa1a720664c6ccedd96f605884
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
Red Hat Enterprise Linux for ARM 64 9
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
aarch64
libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: fdcad18680c3ace9d93e200bd3d35ce26271b5bf72bec6e79b8fbf48574b5728
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-devel-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 697351f10f7945b62c486a001495b4dfe0fd866ca25461d6b4855523219bfaa7
python3-libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 71b559be2fdacae9c3fce43ef62472925f4e0d9bc4813f5edd92a485b3a191bb
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
aarch64
libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: fdcad18680c3ace9d93e200bd3d35ce26271b5bf72bec6e79b8fbf48574b5728
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-devel-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 697351f10f7945b62c486a001495b4dfe0fd866ca25461d6b4855523219bfaa7
python3-libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 71b559be2fdacae9c3fce43ef62472925f4e0d9bc4813f5edd92a485b3a191bb
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
ppc64le
libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b07740b2754d4b2aa5193e17722118ea88733de20e4cad6d3ebec2b23556226e
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 0dfb8c1d464d56c6508896a86ab7bd62c41bfde8936607f789421c16c969aa77
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-debugsource-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: d9a400085d7792f0995566324694839ab9e560266eb1a7e17112daebe23851b0
libxml2-devel-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: b14c8c520902cd50732c2d18ee8595a1dff5f56d7e124541128751dc389f26ab
python3-libxml2-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 5eccb4fbc8ffd181a9056ce296a6de874ca4f0aa1a720664c6ccedd96f605884
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.ppc64le.rpm
SHA-256: 3e5896f32b607602961d94c9a14da3effa91fe80dc3d9738af86aa5011ca3750
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
x86_64
libxml2-2.9.13-1.el9_0.1.i686.rpm
SHA-256: b50e3cf1e20b0f91282dc866e4409e4012dcda8d21f9882b190862a53b0043d2
libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: c83ba95fa21dab71003dabe0ea92fa4cdea3dcb96f704d4f5edbf80ef17d01c9
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 3adbac3aa5379f83563e0955bfea61de772b812aa61d166c5625b8bf5e8834b0
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ec21552f25fae1e1001e5ae601f87e06f8c8aaee57431261f8e7813dfd72f645
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 2cb3586a46ff8d68a0a5e16f4fb4eb6fa97025202cc1dacdf9f8f2d2621df46a
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-debugsource-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: ef887f8d3509829bd7edf63a3c5fd36ccc941a46834c6fe75c8e7b7f260affec
libxml2-devel-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 031f5aafcbbc0ddfc35d93141268431471b2d3d570daa11a8052ca8ddf19051b
libxml2-devel-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 9995ab30b650be76289b99fe30ccd3ab46b7fe23dcedf8501bf090102da5e3f5
python3-libxml2-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 0265e8d6e55db03105a0c41f085f64ef14e9ea55ecf6b045255e0fa04bcd8a3e
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.i686.rpm
SHA-256: 27072405f15dde13008238aaae2225726418b03cb4960f4f23615c9cd55c1c88
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.x86_64.rpm
SHA-256: 8e87261e226da0f59fdf3b6c8a6dab74eda04f99dbd5f69b1b9b1e16e1c32380
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
aarch64
libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: fdcad18680c3ace9d93e200bd3d35ce26271b5bf72bec6e79b8fbf48574b5728
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 70c1b0b8a3a4634e25792e77252af77b3bef23cf7c11271c48f22ed94295b058
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-debugsource-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 2530a07163c81d7b075ff9957107f807aad67efe70c6c4662d0a054d44a344f6
libxml2-devel-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 697351f10f7945b62c486a001495b4dfe0fd866ca25461d6b4855523219bfaa7
python3-libxml2-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 71b559be2fdacae9c3fce43ef62472925f4e0d9bc4813f5edd92a485b3a191bb
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.aarch64.rpm
SHA-256: 61b79aa081a8060ab200d286c4685d24150cbf8e71a44bf9f0785c9a3851d5b4
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
libxml2-2.9.13-1.el9_0.1.src.rpm
SHA-256: a8a49986a8335e3e1271b0e72f48a9c01e4e2f3049949cf96ddc24b0381a2a3f
s390x
libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 36cf4002d62841ef9bc65ce26a416d46111938546f36fadfad799639588654c1
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: d84d7a2d376cb260820b41d84b06c42e57afd3a599a19d0b71f5f00b329eb41f
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-debugsource-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: ba47259bc768e0bac3a3c058d06f0f961add085c0241c6c207ce4f33d1611731
libxml2-devel-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: a92612a976826269f68402869fa02e95bf63eb946c4b4d2b2e97594c96e787b5
python3-libxml2-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 717b9beaa65dc7b0f4b41a9f823253bf804e60f9fad2d35b94467d4634f044ec
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
python3-libxml2-debuginfo-2.9.13-1.el9_0.1.s390x.rpm
SHA-256: 6cb72f4b6ec0f81bde71970cba23beeb94f7c858638486b8674bd36181b17143
Related news
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
Red Hat Security Advisory 2022-6348-01 - Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Submariner 0.13 packages that fix security issues and bugs, as well as adds various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions...
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5908-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.
Openshift Logging Bug Fix Release (5.2.13) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Openshift Logging Bug Fix Release (5.3.10) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.
Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-5704-01 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a privilege escalation vulnerability.
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29173: go-tuf: No protection against rollback attacks for roles other than root
Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
Logging Subsystem 5.4.3 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
Red Hat Security Advisory 2022-5250-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include integer overflow and out of bounds write vulnerabilities.
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29824: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
libxml2 is vulnerable to a heap buffer overflow when xmlBufAdd is called on a very large buffer.
Ubuntu Security Notice 5422-1 - Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.