it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5391-1] libxml2 security update
- Date: Thu, 20 Apr 2023 20:45:49 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1ppbA5-000vD5-Ax AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Thu, 20 Apr 2023 20:46:15 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <1mQroptYBmC.A.UOD.XSaQkB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5391-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package        : libxml2
CVE ID         : CVE-2023-28484 CVE-2023-29469
Debian Bug     : 1034436 1034437

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files.

CVE-2023-28484

    A NULL pointer dereference flaw when parsing invalid XML schemas may
    result in denial of service.

CVE-2023-29469

    It was reported that when hashing empty strings which aren't
    null-terminated, xmlDictComputeFastKey could produce inconsistent
    results, which may lead to various logic or memory errors.

For the stable distribution (bullseye), these problems have been fixed in
version 2.9.10+dfsg-6.7+deb11u4.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
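The failure mode described for CVE-2023-29469, as an added example that is not part of the advisory and is not libxml2's source: a simplified, hypothetical model of a length-bounded hash that mixes in the first byte before checking the length, next to the same model with the length checked first. The function names, the seed and the sample buffer are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model, NOT libxml2 code: the first byte is mixed into the
 * key before the length is looked at, so a zero-length string that is
 * not NUL-terminated hashes whatever byte happens to follow it. */
static unsigned long model_key_unchecked(const unsigned char *s, int len,
                                         unsigned long seed)
{
    unsigned long v = seed;
    if (s == NULL)
        return 0;
    v += s[0];                       /* read even when len == 0 */
    v <<= 5;
    for (int i = 0; i < len; i++)
        v = v * 31 + s[i];
    return v;
}

/* Same model with the length checked first: the key of an empty string
 * depends only on the seed. */
static unsigned long model_key_checked(const unsigned char *s, int len,
                                       unsigned long seed)
{
    unsigned long v = seed;
    if (s == NULL || len <= 0)
        return v;
    v += s[0];
    v <<= 5;
    for (int i = 0; i < len; i++)
        v = v * 31 + s[i];
    return v;
}

/* Constructed input: offsets 3 and 8 are zero-length attribute values
 * inside one buffer, followed by ' and " respectively. */
static const unsigned char SAMPLE[] = "a='' b=\"\"";

typedef unsigned long (*key_fn)(const unsigned char *, int, unsigned long);

/* Returns 1 if both empty slices get the same key, 0 otherwise. */
static int empty_keys_agree(key_fn key)
{
    const unsigned long seed = 0x1234UL;      /* constructed seed */
    return key(SAMPLE + 3, 0, seed) == key(SAMPLE + 8, 0, seed);
}

int main(void)
{
    printf("unchecked model agrees: %d\n", empty_keys_agree(model_key_unchecked));
    printf("checked model agrees:   %d\n", empty_keys_agree(model_key_checked));
    return 0;
}
```

A table keyed on the unchecked model would treat the same empty string as two different entries, which is the kind of inconsistency the advisory says may lead to logic or memory errors.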