Release Info

Advisory: CLSA-2022:1670518262

OS: Ubuntu 16.04 ELS

Public date: 2022-12-08 00:00:00

Project: libxml2

Version: 2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2022-1670518262.html

Changelog

* SECURITY UPDATE: Integer overflows with XML_PARSE_HUGE
  - debian/patches/CVE-2022-40303.patch: Impose size limits when XML_PARSE_HUGE is set and add length checks to core parser functions
  - CVE-2022-40303
* SECURITY UPDATE: Dict corruption caused by entity reference cycles
  - debian/patches/CVE-2022-40304.patch: Stop storing entity content, orig, ExternalID and SystemID in a dict since these values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place
  - CVE-2022-40304

Update

Update command (run as root):

apt-get update
apt-get --only-upgrade install 'libxml2*'

Quote the package pattern so the shell does not expand it against files in the current directory; apt-get then matches it against package names itself, which covers libxml2, libxml2-dev, libxml2-doc and libxml2-utils. python-libxml2 does not match the pattern and must be named explicitly if it is installed.

Packages list

libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_all.deb
libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb
python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5_amd64.deb

CVEs

CVE-2022-40303
CVE-2022-40304