Advisories » MGASA-2024-0172

Updated libxml2 packages fix a security vulnerability

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25062

Description

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before
2.12.5. When using the XML Reader interface with DTD validation and
XInclude expansion enabled, processing crafted XML documents can lead to
an xmlValidatePopElement use-after-free. (CVE-2024-25062)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33184
• https://lwn.net/Articles/972329/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

SRPMS

9/core

• libxml2-2.10.4-1.3.mga9