RHSA-2023:0338: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-40303: libxml2: integer overflows with XML_PARSE_HUGE
- CVE-2022-40304: libxml2: dict corruption caused by entity reference cycles
Issued:
2023-01-23
Updated:
2023-01-23
RHSA-2023:0338 - Security Advisory
Synopsis
Moderate: libxml2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
- libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
- libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect.
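As an added example (not Red Hat's tooling and not part of the advisory), the following Python script decides which packages in an `rpm -qa` listing are still older than the fixed build this advisory ships, libxml2-2.9.13-3.el9_1, by reimplementing librpm's rpmvercmp() segment rules rather than comparing version strings lexically. The package names and the fixed version come from the package list below; the installed-package lines embedded in the script are constructed sample input, not output from a real host, and the script name in the usage comment is hypothetical.

```python
"""Check `rpm -qa`-style lines against the fixed libxml2 build of RHSA-2023:0338.
Added example, not Red Hat tooling. Assumes every package in the advisory is
fixed at libxml2-2.9.13-3.el9_1; SAMPLE_RPM_QA is constructed, not real, input.
"""
import re
import sys

# Fixed (epoch, version, release), taken from the advisory's package list.
FIXED_EVR = (0, "2.9.13", "3.el9_1")
# Binary package names the advisory ships (from its package list).
ADVISORY_PACKAGES = {
    "libxml2", "libxml2-devel", "python3-libxml2",
    "libxml2-debuginfo", "libxml2-debugsource", "python3-libxml2-debuginfo",
}
# name-[epoch:]version-release.arch; the name itself may contain '-'.
NEVRA = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")
_DIGITS, _ALPHAS, _KEEP = re.compile(r"[0-9]+"), re.compile(r"[A-Za-z]+"), re.compile(r"[0-9A-Za-z~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Reimplementation of librpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.
    Numeric segments compare as integers and beat alphabetic ones; '~' sorts before
    anything, even end of string (1.0~rc1 < 1.0); '^' sorts after end of string but
    before any real segment (1.0 < 1.0^post1 < 1.0.1).
    """
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _KEEP.match(a[i]):  # skip separators ('.', '_', ...)
            i += 1
        while j < len(b) and not _KEEP.match(b[j]):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca == cb:  # both sides have '~': consume and carry on
                i, j = i + 1, j + 1
                continue
            return -1 if ca == "~" else 1  # '~' sorts before everything else
        if ca == "^" or cb == "^":
            if ca == cb:
                i, j = i + 1, j + 1
                continue
            if ca == "^":  # '^' beats end-of-string but loses to any real segment
                return 1 if not cb else -1
            return -1 if not ca else 1
        if not (ca and cb):
            break  # one side ran out; whichever still has characters wins
        isnum = ca.isdigit()
        pat = _DIGITS if isnum else _ALPHAS
        ma, mb = pat.match(a, i), pat.match(b, j)
        sa, sb = ma.group(0), (mb.group(0) if mb else "")
        i, j = ma.end(), (mb.end() if mb else j)
        if not sb:  # segment types differ: numeric is newer than alphabetic
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # longer digit string is the larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evrcmp(x, y) -> int:
    """Order (epoch, version, release) tuples the way rpm orders packages."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_nevra(line: str):
    """Return (name, (epoch, version, release), arch), or None if not a NEVRA."""
    m = NEVRA.match(line.strip())
    return None if m is None else (m["name"], (int(m["epoch"] or 0), m["ver"], m["rel"]), m["arch"])


def affected_packages(lines):
    """Return advisory packages in `lines` whose EVR is older than FIXED_EVR."""
    stale = []
    for line in lines:
        parsed = parse_nevra(line)  # None for blank lines and non-NEVRA entries
        if parsed and parsed[0] in ADVISORY_PACKAGES and evrcmp(parsed[1], FIXED_EVR) < 0:
            stale.append(line.strip())
    return stale


# Constructed sample of `rpm -qa` output; these versions are made up for the demo.
SAMPLE_RPM_QA = """\
libxml2-2.9.13-2.el9_0.x86_64
libxml2-devel-2.9.13-3.el9_1.x86_64
python3-libxml2-2.9.13-2.el9_0.x86_64
example-tool-1.2.3-4.el9.x86_64
gpg-pubkey-00000000-00000000
"""

if __name__ == "__main__":
    # Usage: rpm -qa | python3 check_rhsa_2023_0338.py   (no stdin: uses sample data)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RPM_QA
    stale = affected_packages(text.splitlines())
    for nevra in stale:
        print(f"UPDATE NEEDED: {nevra} (fixed in {FIXED_EVR[1]}-{FIXED_EVR[2]})")
    sys.exit(1 if stale else 0)
```

Piping real `rpm -qa` output into the script exercises the same functions; an exit status of 1 means at least one package from the advisory is still below the fixed build. Plain string comparison would order 2.10.3 before 2.9.13 and miss the point of the check, which is why the rpm segment rules are reimplemented rather than approximated.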
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE
- BZ - 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles
Red Hat Enterprise Linux for x86_64 9
SRPM
libxml2-2.9.13-3.el9_1.src.rpm
SHA-256: bd036f59a549e7196f8845c150dc593ecfb54a361461c2af06f6809ee39e1efe
x86_64
libxml2-2.9.13-3.el9_1.i686.rpm
SHA-256: bd9e502895f9777c8cfb635cc2242434de4a0f054b6e5c159dce1171a5d658b0
libxml2-2.9.13-3.el9_1.x86_64.rpm
SHA-256: d0df37751c0763741b991401554407105183c950a896f3ae212d74210697eebe
libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm
SHA-256: f47df5f23e18ebd5c0a36561bb538a993b06293b6d3814f27787d27e4cd4275f
libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm
SHA-256: a98731236d567e5c20acff70810a50ea2dd8c31327d259c442733c5150958562
libxml2-debugsource-2.9.13-3.el9_1.i686.rpm
SHA-256: 87b9071f0db70b3059bdf1aedc2c622c3e905d2da91c3d7d2173b1d66a51a9fa
libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm
SHA-256: 1dcad6d5038f71196c1e96b940d81a7812fe89266cc1e63c34cc663fc87e340f
libxml2-devel-2.9.13-3.el9_1.i686.rpm
SHA-256: 302f54b4462365caa24dffe2f0bd81be67c747fc7fd0083da64352ebf61098c6
libxml2-devel-2.9.13-3.el9_1.x86_64.rpm
SHA-256: 953372799d81d9b9032b6aadeabf489965a02e927017cfeee379a2f37156fa5e
python3-libxml2-2.9.13-3.el9_1.x86_64.rpm
SHA-256: 634d16da78087b6810eaba122f7035a5d8c22d57b8d6fe385fae81b75036fe2e
python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm
SHA-256: d9f9ea89fe9a6e2534973bebf7fb599d107bb12a2bba7685f23b5abce9bb95f8
python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm
SHA-256: 8aa6eb402e71ad70c78156b371f8428d57b1fdc8e8b98c077697fa907a55b8eb
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libxml2-2.9.13-3.el9_1.src.rpm
SHA-256: bd036f59a549e7196f8845c150dc593ecfb54a361461c2af06f6809ee39e1efe
s390x
libxml2-2.9.13-3.el9_1.s390x.rpm
SHA-256: 00f591d04f8c047a2fde93962e0c1703c83d585912cdd42741889b10e71f3670
libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm
SHA-256: 77caaccbc3789afc5468cd3c042eb07a1c071124baecc6a5903297adeca268d6
libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm
SHA-256: 11d6bc3678c707969b828f25db9647b6d29fa5722d5ee3dfeae0afca5684c078
libxml2-devel-2.9.13-3.el9_1.s390x.rpm
SHA-256: 55665eca4d693366b16a22eec14473397ff32fcbb8c2479d46581005d37f8c7e
python3-libxml2-2.9.13-3.el9_1.s390x.rpm
SHA-256: da21f929d0e722c6fb9d00cf9ebe90310c63e32f5bfad9b9c6bd2b3f20e5da4d
python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm
SHA-256: 931ef0a11081e83d085c18295dbd0e112682122bbd02e4dfa3e6b819f7816a57
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libxml2-2.9.13-3.el9_1.src.rpm
SHA-256: bd036f59a549e7196f8845c150dc593ecfb54a361461c2af06f6809ee39e1efe
ppc64le
libxml2-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 5c8b5dee78dcb7bfec6d8628dd5651eddc21c66f78d939eacecfb72166d9f64d
libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 25adc17b2a1e83b4e0ade334a6f24bbab0b0ad1b65c9c238ddb32cfee40b0986
libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 860b39b8cd6b43239bee5e53c49fdd9f36ae1b7a009294f8100550c0e263e76c
libxml2-devel-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 4307c3358c74cab108b9b3af7db019c8f310ed0c5d7a0eaeeb0daeb99b989b21
python3-libxml2-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 0c4f21a3e045304337f0523e7750fc8da5e2e21ae9aeb59f82fefa5cfed53293
python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm
SHA-256: 7e2dd6bc181546b87f750b3b5ea89af34a5cc0fd05f5efcc4348cf40e0898585
Red Hat Enterprise Linux for ARM 64 9
SRPM
libxml2-2.9.13-3.el9_1.src.rpm
SHA-256: bd036f59a549e7196f8845c150dc593ecfb54a361461c2af06f6809ee39e1efe
aarch64
libxml2-2.9.13-3.el9_1.aarch64.rpm
SHA-256: 1042e15d452d9b40f8c9c7811936e85ecc62d286128037b4e670743da96b973b
libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm
SHA-256: d70adfc8b158695445451eedf058f685dfad00f3fd2b4a17b8386660587a7e7e
libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm
SHA-256: 51716adc8141e96b39da44271b46c4bdbdb28cb4b77bc694df97879576d7e5f4
libxml2-devel-2.9.13-3.el9_1.aarch64.rpm
SHA-256: 4b5d8c189adbd77499f769c030b9988beebddcfcd3eda04fe4061bf3a782f066
python3-libxml2-2.9.13-3.el9_1.aarch64.rpm
SHA-256: 547d5d5ba8bfa277fc5ffdc7a4e468d756e7c7a95f6d2be4c5eb7243ac6bda79
python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm
SHA-256: 66fd8c3052fad3b28e168e230be500e4068db9a62a67753ff20126abe505625d
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs:
- CVE-2022-40303: libxml2: integer overflows with XML_PARSE_HUGE
- CVE-2022-40304: libxml2: dict corruption caused by entity reference cycles
Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.
Ubuntu Security Notice 5760-2 - USN-5760-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash.
Ubuntu Security Notice 5760-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Apple Security Advisory 2022-11-09-2 - macOS Ventura 13.0.1 addresses code execution and integer overflow vulnerabilities.
Apple Security Advisory 2022-11-09-1 - iOS 16.1.1 and iPadOS 16.1.1 addresses code execution and integer overflow vulnerabilities.
Debian Linux Security Advisory 5271-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.
Gentoo Linux Security Advisory 202210-39 - Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution. Versions less than 2.10.3 are affected.