Advisories » MGASA-2023-0298

Updated libxml2 packages fix a security vulnerability

Publication date: 22 Oct 2023
Modification date: 22 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-45322

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a
certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
(CVE-2023-45322)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32364
• https://www.openwall.com/lists/oss-security/2023/10/06/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322

SRPMS

9/core

• libxml2-2.10.4-1.2.mga9

8/core

• libxml2-2.9.10-7.9.mga8