Advisories » MGASA-2020-0271

Updated libxml2 packages fix security vulnerability

Publication date: 04 Jul 2020
Modification date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19956

Description

Updated libxml2 packages fix security vulnerability:

The fix for CVE-2019-19956 introduced regressions which can cause invalid
xmlns references in output and memory leaks, possibly leading to more
serious security issues.  The broken fix has been reverted.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26753
• https://lists.opensuse.org/opensuse-updates/2020-06/msg00026.html
• https://advisories.mageia.org/MGASA-2020-0020.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956

SRPMS

7/core

• libxml2-2.9.9-2.4.mga7