Bugzilla – Bug 1224282
VUL-0: CVE-2024-34459: libxml2: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
Last modified: 2024-07-08 12:30:08 UTC
+++ This bug was initially created as a clone of Bug #1224281 +++ An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34459 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://jira.suse.com/browse/CAR-3459
Working on this one. As soon as I finish it we can close also #1224281 and #1224283.
All codestreams are fixed. Waiting for the updates to popup to send it back to security..
*** Bug 1224283 has been marked as a duplicate of this bug. ***
SUSE-SU-2024:2267-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1224282 CVE References: CVE-2024-34459 Maintenance Incident: [SUSE:Maintenance:34539](https://smelt.suse.de/incident/34539/) Sources used: openSUSE Leap 15.5 (src): python-libxml2-python-2.9.7-150000.3.70.1 openSUSE Leap 15.6 (src): python-libxml2-python-2.9.7-150000.3.70.1 SUSE Linux Enterprise Micro 5.1 (src): libxml2-2.9.7-150000.3.70.1 SUSE Linux Enterprise Micro 5.2 (src): libxml2-2.9.7-150000.3.70.1, python-libxml2-python-2.9.7-150000.3.70.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): libxml2-2.9.7-150000.3.70.1, python-libxml2-python-2.9.7-150000.3.70.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2279-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1224282 CVE References: CVE-2024-34459 Maintenance Incident: [SUSE:Maintenance:34535](https://smelt.suse.de/incident/34535/) Sources used: openSUSE Leap 15.4 (src): libxml2-python-2.9.14-150400.5.32.1, libxml2-2.9.14-150400.5.32.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): libxml2-python-2.9.14-150400.5.32.1, libxml2-2.9.14-150400.5.32.1 SUSE Linux Enterprise Micro 5.3 (src): libxml2-python-2.9.14-150400.5.32.1, libxml2-2.9.14-150400.5.32.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): libxml2-python-2.9.14-150400.5.32.1, libxml2-2.9.14-150400.5.32.1 SUSE Linux Enterprise Micro 5.4 (src): libxml2-python-2.9.14-150400.5.32.1, libxml2-2.9.14-150400.5.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2288-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1224282 CVE References: CVE-2024-34459 Maintenance Incident: [SUSE:Maintenance:34538](https://smelt.suse.de/incident/34538/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libxml2-2.9.4-46.75.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libxml2-2.9.4-46.75.1, python-libxml2-2.9.4-46.75.1 SUSE Linux Enterprise Server 12 SP5 (src): libxml2-2.9.4-46.75.1, python-libxml2-2.9.4-46.75.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libxml2-2.9.4-46.75.1, python-libxml2-2.9.4-46.75.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2290-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1224282 CVE References: CVE-2024-34459 Maintenance Incident: [SUSE:Maintenance:34533](https://smelt.suse.de/incident/34533/) Sources used: openSUSE Leap 15.5 (src): libxml2-2.10.3-150500.5.17.1, libxml2-python-2.10.3-150500.5.17.1 openSUSE Leap 15.6 (src): libxml2-2.10.3-150500.5.17.1, libxml2-python-2.10.3-150500.5.17.1 SUSE Linux Enterprise Micro 5.5 (src): libxml2-2.10.3-150500.5.17.1, libxml2-python-2.10.3-150500.5.17.1 Basesystem Module 15-SP5 (src): libxml2-2.10.3-150500.5.17.1, libxml2-python-2.10.3-150500.5.17.1 Basesystem Module 15-SP6 (src): libxml2-2.10.3-150500.5.17.1, libxml2-python-2.10.3-150500.5.17.1 Python 3 Module 15-SP5 (src): libxml2-python-2.10.3-150500.5.17.1 Python 3 Module 15-SP6 (src): libxml2-python-2.10.3-150500.5.17.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.