MGASA-2019-0047

Advisory lineage Upstream: 3 Downstream: 0
Published: 23 Jan 2019, 15:50
Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

23 Jan 2019, 15:50
Published
Vulnerability first disclosed
16 Apr 2026, 06:23
Last Modified
Vulnerability information updated

Description

Updated libxml2 packages fix security vulnerabilities A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (CVE-2018-9251, CVE-2018-14567). A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application (CVE-2018-14404). The libxml2 package has been updated to version 2.9.9 to fix these issues and other bugs. The perl-XML-LibXML package has been rebuilt against the updated libxml2.

Affected Systems

  • mageialibxml2

    < 2.9.9-1.mga6

  • mageiaperl-XML-LibXML

    < 2.13.200-1.1.mga6

References (4)