{"id":"MGASA-2019-0047","summary":"Updated libxml2 packages fix security vulnerabilities","details":"A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if\n--with-lzma is used, allows remote attackers to cause a denial of service\n(infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR,\nas demonstrated by xmllint (CVE-2018-9251, CVE-2018-14567).\n\nA null pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid\nXPath expression. Applications processing untrusted XSL format inputs\nwith the use of libxml2 library may be vulnerable to denial of service\nattack due to crash of the application (CVE-2018-14404).\n\nThe libxml2 package has been updated to version 2.9.9 to fix these\nissues and other bugs.\n\nThe perl-XML-LibXML package has been rebuilt against the updated libxml2.\n","modified":"2026-04-16T06:23:30.519837644Z","published":"2019-01-23T15:50:09Z","upstream":["CVE-2018-14404","CVE-2018-14567","CVE-2018-9251"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0047.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23410"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G5AFZARX7BUSU24J2MJ4AHX5OE47UXQA/"},{"type":"WEB","url":"https://usn.ubuntu.com/3739-1/"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.9-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0047.json"}},{"package":{"name":"perl-XML-LibXML","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/perl-XML-LibXML?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.13.200-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0047.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}