1224283 – VUL-0: CVE-2024-34459: python-libxml2: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

Bug 1224283 - VUL-0: CVE-2024-34459: python-libxml2: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

Summary: VUL-0: CVE-2024-34459: python-libxml2: libxml2: buffer over-read in xmlHTMLPr...

Status:	RESOLVED DUPLICATE of bug 1224282

Alias:	None

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	David Anes
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/405285/
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2024-34459
	Show dependency tree / graph

Clone This Bug

Reported:	2024-05-15 11:05 UTC by Camila Camargo de Matos
Modified:	2024-07-01 14:59 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Camila Camargo de Matos 2024-05-15 11:05:00 UTC

+++ This bug was initially created as a clone of Bug #1224281 +++

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-34459
https://www.cve.org/CVERecord?id=CVE-2024-34459
https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7
https://bugzilla.redhat.com/show_bug.cgi?id=2280532
https://jira.suse.com/browse/CAR-3459

Comment 4 David Anes 2024-07-01 12:03:27 UTC

Should be fixed everywhere, waiting for the updates to popup...

Comment 5 David Anes 2024-07-01 12:04:52 UTC

Fixed via bsc#1224282 

Can we mark this as a duplicate of that one, Camila? They are effectively the same package.

Comment 6 Camila Camargo de Matos 2024-07-01 14:59:38 UTC

(In reply to David Anes from comment #5)
> Fixed via bsc#1224282 
> 
> Can we mark this as a duplicate of that one, Camila? They are effectively
> the same package.

Yes. I will mark this as a duplicate. Thanks!

*** This bug has been marked as a duplicate of bug 1224282 ***