OESA-2022-2082

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2082
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2082.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-2082
Upstream
Published
2022-11-11T11:04:35Z
Modified
2025-08-12T05:12:34.946096Z
Summary
libxml2 security update
Details

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.

Security Fix(es):

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308)

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation.(CVE-2022-40303)

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free.(CVE-2022-40304)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS / libxml2

Package

Name
libxml2
Purl
pkg:rpm/openEuler/libxml2&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.12-13.oe2203

Ecosystem specific 

{
    "src": [
        "libxml2-2.9.12-13.oe2203.src.rpm"
    ],
    "noarch": [
        "libxml2-help-2.9.12-13.oe2203.noarch.rpm"
    ],
    "aarch64": [
        "libxml2-2.9.12-13.oe2203.aarch64.rpm",
        "libxml2-devel-2.9.12-13.oe2203.aarch64.rpm",
        "libxml2-debuginfo-2.9.12-13.oe2203.aarch64.rpm",
        "libxml2-debugsource-2.9.12-13.oe2203.aarch64.rpm",
        "python3-libxml2-2.9.12-13.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "libxml2-debugsource-2.9.12-13.oe2203.x86_64.rpm",
        "libxml2-2.9.12-13.oe2203.x86_64.rpm",
        "libxml2-devel-2.9.12-13.oe2203.x86_64.rpm",
        "libxml2-debuginfo-2.9.12-13.oe2203.x86_64.rpm",
        "python3-libxml2-2.9.12-13.oe2203.x86_64.rpm"
    ]
}