libxml2-2-2.10.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12419 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libxml2-2-2.10.3-1.1 on GA media These are all security issues fixed in the libxml2-2-2.10.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12419 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12419 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-40303/ SUSE CVE CVE-2022-40303 page https://www.suse.com/security/cve/CVE-2022-40304/ SUSE CVE CVE-2022-40304 page openSUSE Tumbleweed libxml2-2-2.10.3-1.1 libxml2-2-32bit-2.10.3-1.1 libxml2-devel-2.10.3-1.1 libxml2-devel-32bit-2.10.3-1.1 libxml2-doc-2.10.3-1.1 libxml2-tools-2.10.3-1.1 libxml2-2-2.10.3-1.1 as a component of openSUSE Tumbleweed libxml2-2-32bit-2.10.3-1.1 as a component of openSUSE Tumbleweed libxml2-devel-2.10.3-1.1 as a component of openSUSE Tumbleweed libxml2-devel-32bit-2.10.3-1.1 as a component of openSUSE Tumbleweed libxml2-doc-2.10.3-1.1 as a component of openSUSE Tumbleweed libxml2-tools-2.10.3-1.1 as a component of openSUSE Tumbleweed An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. CVE-2022-40303 openSUSE Tumbleweed:libxml2-2-2.10.3-1.1 openSUSE Tumbleweed:libxml2-2-32bit-2.10.3-1.1 openSUSE Tumbleweed:libxml2-devel-2.10.3-1.1 openSUSE Tumbleweed:libxml2-devel-32bit-2.10.3-1.1 openSUSE Tumbleweed:libxml2-doc-2.10.3-1.1 openSUSE Tumbleweed:libxml2-tools-2.10.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-40303.html CVE-2022-40303 https://bugzilla.suse.com/1204366 SUSE Bug 1204366 https://bugzilla.suse.com/1204807 SUSE Bug 1204807 https://bugzilla.suse.com/1205549 SUSE Bug 1205549 https://bugzilla.suse.com/1206241 SUSE Bug 1206241 https://bugzilla.suse.com/1206248 SUSE Bug 1206248 An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. CVE-2022-40304 openSUSE Tumbleweed:libxml2-2-2.10.3-1.1 openSUSE Tumbleweed:libxml2-2-32bit-2.10.3-1.1 openSUSE Tumbleweed:libxml2-devel-2.10.3-1.1 openSUSE Tumbleweed:libxml2-devel-32bit-2.10.3-1.1 openSUSE Tumbleweed:libxml2-doc-2.10.3-1.1 openSUSE Tumbleweed:libxml2-tools-2.10.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-40304.html CVE-2022-40304 https://bugzilla.suse.com/1204367 SUSE Bug 1204367 https://bugzilla.suse.com/1205069 SUSE Bug 1205069 https://bugzilla.suse.com/1205549 SUSE Bug 1205549 https://bugzilla.suse.com/1206241 SUSE Bug 1206241 https://bugzilla.suse.com/1206248 SUSE Bug 1206248 https://bugzilla.suse.com/1208343 SUSE Bug 1208343