Advisories ยป MGASA-2020-0101

Updated libxml2_2 packages fix security vulnerabilities

Publication date: 24 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20388 , CVE-2020-7595

Description

Updated libxml2 packages fix security vulnerabilities:

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
xmlSchemaValidateStream memory leak (CVE-2019-20388).

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite
loop in a certain end-of-file situation (CVE-2020-7595).
                

References

SRPMS

7/core