Lucene search
UbuntuUSN-5760-2HistoryDec 05, 2022 - 12:00 a.m.
libxml2 vulnerabilities
2022-12-0500:00:00
ubuntu.com
31
ubuntu 16.04 esm
ubuntu 14.04 esm
libxml2
gnome xml library
vulnerabilities
xml files
sensitive information
crash
execute arbitrary code
cve-2022-40303
cve-2022-40304
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Releases
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- libxml2 - GNOME XML library
Details
USN-5760-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information
or cause a crash. (CVE-2022-40303)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-40304)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.04 | noarch | libxml2 | < 2.9.3+dfsg1-1ubuntu0.7+esm4 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2 | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-dbg | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-dbgsym | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-dev | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-dev-dbgsym | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-doc | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-udeb | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-udeb-dbgsym | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
| Ubuntu | 16.04 | noarch | libxml2-utils | < 2.9.3+dfsg1-1ubuntu0.7 | UNKNOWN |
Related
debian
debian
[SECURITY] [DLA 3172-1] libxml2 security update
2022-10-30 15:57:58
[SECURITY] [DSA 5271-1] libxml2 security update
2022-11-05 19:46:29
nessus
nessus
EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1041)
2023-01-05 00:00:00
RHEL 9 : libxml2 (RHSA-2023:0338)
2023-01-23 00:00:00
Oracle Linux 9 : libxml2 (ELSA-2023-0338)
2023-01-24 00:00:00
aix
aix
AIX is vulnerable to arbitrary code execution due to libxml2
2023-02-08 13:18:47
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)
2023-07-06 17:15:52
osv
osv
Moderate: libxml2 security update
2023-01-23 00:00:00
Moderate: libxml2 security update
2023-01-16 00:00:00
Moderate: libxml2 security update
2023-01-16 09:03:23
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1365)
2023-02-10 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1510)
2023-03-09 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1016)
2023-01-09 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36
2022-10-25 13:13:35
[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37
2022-11-13 01:14:11
[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36
2022-10-25 13:13:36
apple
apple
About the security content of iOS 16.1.1 and iPadOS 16.1.1
2022-11-09 00:00:00
About the security content of macOS Ventura 13.0.1
2022-11-09 00:00:00
About the security content of macOS Big Sur 11.7.2
2022-12-13 00:00:00
amazon
amazon
Medium: libxml2
2023-03-17 16:34:00
Medium: libxml2
2023-04-27 16:19:00
almalinux
almalinux
Moderate: libxml2 security update
2023-01-23 00:00:00
Moderate: libxml2 security update
2023-01-16 00:00:00
suse
suse
Security update for libxml2 (important)
2022-10-21 00:00:00
Security update for libxml2 (important)
2022-11-04 00:00:00
redos
redos
ROS-20221110-01
2022-11-10 00:00:00
hivepro
hivepro
Apple addresses the macOS code execution flaws
2022-11-11 13:49:02
cloudlinux
cloudlinux
libxml2: Fix of 2 CVEs
2022-12-08 17:47:57
rocky
rocky
libxml2 security update
2023-01-16 09:03:23
libxml2 security update
2023-01-23 14:30:36
gentoo
gentoo
libxml2: Multiple Vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2022-11-08 22:44:28
redhat
redhat
(RHSA-2023:0173) Moderate: libxml2 security update
2023-01-16 09:03:23
(RHSA-2023:0338) Moderate: libxml2 security update
2023-01-23 14:30:36
(RHSA-2024:0413) Moderate: libxml2 security update
2024-01-24 14:40:23
oraclelinux
oraclelinux
libxml2 security update
2023-01-16 00:00:00
libxml2 security update
2023-01-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1
2023-02-13 00:00:00
github
github
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
2022-10-18 18:12:31
cloudfoundry
cloudfoundry
USN-5760-1: libxml2 vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0546
2022-12-05 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0499
2022-12-06 00:00:00
Important Photon OS Security Update - PHSA-2022-0293
2022-12-06 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2022-12-05 00:00:00
slackware
slackware
[slackware-security] libxml2
2023-12-10 01:15:09
alpinelinux
alpinelinux
CVE-2022-40304
2022-11-23 18:15:12
CVE-2022-40303
2022-11-23 00:15:11
ubuntucve
ubuntucve
CVE-2022-40303
2022-11-23 00:00:00
CVE-2022-40304
2022-11-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-19 02:12:32
Double Free
2022-10-19 02:10:03
cbl_mariner
cbl_mariner
CVE-2022-40304 affecting package libxml2 for versions less than 2.10.3-1
2022-12-09 00:19:55
CVE-2022-40304 affecting package libxml2 2.9.14-2
2022-12-06 23:44:35
CVE-2022-40303 affecting package libxml2 2.9.14-2
2022-12-06 23:44:35
cve
cve
CVE-2022-40303
2022-11-23 00:15:11
CVE-2022-40304
2022-11-23 18:15:12
debiancve
debiancve
CVE-2022-40304
2022-11-23 18:15:12
CVE-2022-40303
2022-11-23 00:15:11
redhatcve
redhatcve
CVE-2022-40304
2022-10-19 20:47:20
CVE-2022-40303
2022-10-19 19:17:28
f5
f5
K000139594: libxml2 vulnerability CVE-2022-40304
2024-05-15 00:00:00
K000139917: Libxml2 vulnerability CVE-2022-40303
2024-06-05 00:00:00
prion
prion
Integer overflow
2022-11-23 00:15:00
Double free
2022-11-23 18:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2356
2024-02-20 10:05:34
nvd
nvd
CVE-2022-40304
2022-11-23 18:15:12
CVE-2022-40303
2022-11-23 00:15:11
cvelist
cvelist
CVE-2022-40304
2022-11-23 00:00:00
CVE-2022-40303
2022-11-22 00:00:00
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
packetstorm
packetstorm
libxml2 xmlParseNameComplex Integer Overflow
2022-11-14 00:00:00
zdt
zdt
libxml2 xmlParseNameComplex Integer Overflow Vulnerability
2022-11-16 00:00:00
ics
ics
Siemens SIMATIC and SIPLUS
2024-06-13 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Related for USN-5760-2