moderate: libxml2/expat security update
moderate
An update for libxml2/expat is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
libxml2: This package provides debug information for package python3-libxml2. Debug information is useful when developing applications that use this package or when debugging this package.
expat: This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers.
Security Fix(es):
libxml2: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308)
libxml2: A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write.(CVE-2022-29824)
libxml2: bugfix
expat: A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.(CVE-2022-25313)
expat: An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.(CVE-2022-25314)
expat: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.B0P2B9.