Issued at: 2023-10-06
Updated at: 2023-10-06
Synopsis
Moderate: libxml2 security update
Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 8 aarch64
Rocky Linux 8 x86_64
Fixes
2185984
2185994
CVEs
CVE-2023-28484
CVE-2023-29469
Affected packages
Rocky Linux 8 aarch64 - BaseOS
libxml2-0:2.9.7-16.el8_8.1.aarch64.rpm
libxml2-0:2.9.7-16.el8_8.1.src.rpm
libxml2-debuginfo-0:2.9.7-16.el8_8.1.aarch64.rpm
libxml2-debugsource-0:2.9.7-16.el8_8.1.aarch64.rpm
python3-libxml2-0:2.9.7-16.el8_8.1.aarch64.rpm
python3-libxml2-debuginfo-0:2.9.7-16.el8_8.1.aarch64.rpm
Rocky Linux 8 aarch64 - AppStream
libxml2-devel-0:2.9.7-16.el8_8.1.aarch64.rpm
Rocky Linux 8 x86_64 - BaseOS
libxml2-0:2.9.7-16.el8_8.1.i686.rpm
libxml2-0:2.9.7-16.el8_8.1.src.rpm
libxml2-0:2.9.7-16.el8_8.1.x86_64.rpm
libxml2-debuginfo-0:2.9.7-16.el8_8.1.i686.rpm
libxml2-debuginfo-0:2.9.7-16.el8_8.1.x86_64.rpm
libxml2-debugsource-0:2.9.7-16.el8_8.1.i686.rpm
libxml2-debugsource-0:2.9.7-16.el8_8.1.x86_64.rpm
python3-libxml2-0:2.9.7-16.el8_8.1.x86_64.rpm
python3-libxml2-debuginfo-0:2.9.7-16.el8_8.1.x86_64.rpm
Rocky Linux 8 x86_64 - AppStream
libxml2-devel-0:2.9.7-16.el8_8.1.i686.rpm
libxml2-devel-0:2.9.7-16.el8_8.1.x86_64.rpm