Headline
RHSA-2023:4529: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28484: A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.
- CVE-2023-29469: A flaw was found in libxml2. When hashing empty strings that aren’t null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.
Synopsis
Moderate: libxml2 security update
Type/Severity
Security Advisory: Moderate
Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
- libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
- libxml2: Hashing of empty dict strings isn’t deterministic (CVE-2023-29469)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
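The defect class described for CVE-2023-29469, as an added example that is not libxml2's code: the hash functions, the interning table and all names below are hypothetical stand-ins, and the sample buffer is constructed. It shows how a key function that reads the first byte before checking the length yields two different keys for the same empty string, so an interning table stores it twice, and how checking the length first makes the key deterministic.

```c
#include <stdio.h>
#include <string.h>

#define NBUCKETS 8

typedef unsigned long (*hash_fn)(const unsigned char *name, int namelen,
                                 unsigned long seed);

/* Toy "fast key" (hypothetical): mixes in name[0] before looking at namelen.
 * For a zero-length slice of a larger buffer, name[0] is the byte that
 * follows the empty string, so the key depends on unrelated data. */
static unsigned long fast_key_unchecked(const unsigned char *name, int namelen,
                                        unsigned long seed)
{
    unsigned long value = seed;
    if (name == NULL)
        return value;
    value += 30UL * name[0];
    for (int i = 0; i < namelen; i++)
        value ^= (value << 5) + (value >> 3) + name[i];
    return value;
}

/* Hardened variant: the length is checked before any byte is read, so every
 * empty string maps to the same key regardless of what follows it. */
static unsigned long fast_key_checked(const unsigned char *name, int namelen,
                                      unsigned long seed)
{
    unsigned long value = seed;
    if (name == NULL || namelen <= 0)
        return value;
    value += 30UL * name[0];
    for (int i = 0; i < namelen; i++)
        value ^= (value << 5) + (value >> 3) + name[i];
    return value;
}

/* Minimal interning table with linear probing (hypothetical). */
struct entry { const unsigned char *name; int len; int used; };
struct table { struct entry slots[NBUCKETS]; int count; };

/* Returns the number of distinct entries after interning (name, len). */
static int intern(struct table *t, hash_fn h, const unsigned char *name, int len)
{
    unsigned long i = h(name, len, 0) % NBUCKETS;
    for (int probes = 0; probes < NBUCKETS; probes++, i = (i + 1) % NBUCKETS) {
        struct entry *e = &t->slots[i];
        if (!e->used) {                       /* miss: store a new entry */
            e->name = name; e->len = len; e->used = 1;
            return ++t->count;
        }
        if (e->len == len && memcmp(e->name, name, (size_t)len) == 0)
            return t->count;                  /* hit: reuse existing entry */
    }
    return -1;                                /* table full */
}

/* Constructed input: two empty slices taken at different offsets of "ab". */
static const unsigned char sample[] = "ab";

/* 1 if both empty slices hash to the same key, 0 otherwise. */
int empty_keys_agree(hash_fn h)
{
    return h(sample, 0, 0) == h(sample + 1, 0, 0);
}

/* Interns the same (empty) string twice; a correct table ends with 1 entry. */
int entries_after_interning_empty_twice(hash_fn h)
{
    struct table t;
    memset(&t, 0, sizeof t);
    intern(&t, h, sample, 0);
    intern(&t, h, sample + 1, 0);
    return t.count;
}

int main(void)
{
    printf("unchecked: keys agree=%d, entries=%d\n",
           empty_keys_agree(fast_key_unchecked),
           entries_after_interning_empty_twice(fast_key_unchecked));
    printf("checked:   keys agree=%d, entries=%d\n",
           empty_keys_agree(fast_key_checked),
           entries_after_interning_empty_twice(fast_key_checked));
    return 0;
}
```

A duplicate entry for one logical string is the kind of inconsistency that later surfaces as the logic or memory errors the CVE description mentions, because callers assume an interned string has a single owner.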
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2185984 - CVE-2023-29469 libxml2: Hashing of empty dict strings isn’t deterministic
- BZ - 2185994 - CVE-2023-28484 libxml2: NULL dereference in xmlSchemaFixupComplexType
Red Hat Enterprise Linux for x86_64 8
SRPM
libxml2-2.9.7-16.el8_8.1.src.rpm
Related news
Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...
Red Hat Security Advisory 2023-5175-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2023-5174-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.
Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35941: A flaw was found in Envoy, where a malicious client can construct credentials with permanent validity in a specific scenario. This issue is caused by some rare scenarios, such as the combination of host and expiration time, in which the HMAC payload can always be valid in the OAuth2 filter's HMAC check. * CVE-2023-35944: A flaw was found in Envoy that allows for mixed-case sche...
An update is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
An update is now available for Red Hat OpenShift GitOps 1.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40029: A flaw was found in the ArgoCD package, used by Red Hat GitOps, that allows cluster secrets to be managed declaratively using the `kubectl apply` functionality, resulting in the full secret body being stored in `kubectl.kubernetes.io/last-applied-configuration` annotation. Since ArgoCD has included the ability to manage cluster labels and annotations via i...
Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...
Red Hat Security Advisory 2023-4921-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.5 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4889-01 - The DevWorkspace Operator extends OpenShift to provide DevWorkspace support. Issues addressed include a code execution vulnerability.
Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-38408: A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-...
Red Hat Security Advisory 2023-4875-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security updates and fix several bugs. Issues addressed include bypass and privilege escalation vulnerabilities.
This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4065: No description is available for this CVE. * CVE-2023-4066: No description is available for this CVE.
Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4654-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.7 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...
Red Hat Security Advisory 2023-4650-01 - Multicluster Engine for Kubernetes 2.2.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37903: A flaw was found in the vm2 custom inspect function, which allows attackers to escape t...
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
Red Hat Security Advisory 2023-4529-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards.
Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
Ubuntu Security Notice 6028-2 - USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Debian Linux Security Advisory 5391-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.
Ubuntu Security Notice 6028-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.