Bugzilla – Bug 1176179
VUL-1: CVE-2020-24977: libxml2: global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c
Last modified: 2023-04-06 15:28:43 UTC
CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24977
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-24977.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream fix commit: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Factory submission: https://build.opensuse.org/request/show/832832
SUSE-SU-2020:2609-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1159928,1161517,1161521,1172021,1176179
CVE References: CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): libxml2-2.9.4-46.34.1
SUSE Linux Enterprise Server 12-SP5 (src): libxml2-2.9.4-46.34.1, python-libxml2-2.9.4-46.34.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2020:2612-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1176179
CVE References: CVE-2020-24977
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP2 (src): python-libxml2-python-2.9.7-3.25.1
SUSE Linux Enterprise Module for Python2 15-SP1 (src): python-libxml2-python-2.9.7-3.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): libxml2-2.9.7-3.25.1, python-libxml2-python-2.9.7-3.25.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): libxml2-2.9.7-3.25.1, python-libxml2-python-2.9.7-3.25.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:1430-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1176179
CVE References: CVE-2020-24977
JIRA References:
Sources used:
openSUSE Leap 15.1 (src): libxml2-2.9.7-lp151.5.15.1, python-libxml2-python-2.9.7-lp151.5.15.1

openSUSE-SU-2020:1465-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1176179
CVE References: CVE-2020-24977
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): libxml2-2.9.7-lp152.10.3.1, python-libxml2-python-2.9.7-lp152.10.3.1
Released.
SUSE-SU-2021:14729-1: An update that fixes 9 vulnerabilities is now available.
Category: security (important)
Bug References: 1159928,1161517,1161521,1176179,1185408,1185409,1185410,1185698
CVE References: CVE-2014-0191,CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): libxml2-2.7.6-0.77.36.1, libxml2-python-2.7.6-0.77.36.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): libxml2-2.7.6-0.77.36.1, libxml2-python-2.7.6-0.77.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): libxml2-2.7.6-0.77.36.1, libxml2-python-2.7.6-0.77.36.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): libxml2-2.7.6-0.77.36.1, libxml2-python-2.7.6-0.77.36.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.