libxml2: Vulnerability permits a denial of service

Federal workplace for Security on Information Technology (BSI) issued an replace on May 22, 2024 for the libxml2 safety vulnerability identified on February 4, 2024. The safety vulnerability impacts Linux, UNIX and Windows working methods and merchandise IBM VIOS, IBM AIX, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, EMC Avamar, Open Source libxml2 and Dell NetWorker.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Red Hat Security Advisory RHSA-2024:3303 (From 23 May 2024). Some helpful assets are listed later on this article.

Security advisory for libxml2 – Risk: average

Risk stage: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in pc methods. The CVSS normal makes it doable to check potential or precise safety dangers based mostly on numerous metrics to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For non permanent impact, body situations that will change over time are thought of within the take a look at. The severity of the vulnerability mentioned right here is assessed as “average” in keeping with the CVSS with a base rating of seven.5.

libxml2 Bug: A vulnerability permits a denial of service

libxml is a C parser and toolkit developed for the Gnome venture.

A distant, unknown attacker may exploit a vulnerability in libxml2 to launch a denial of service assault.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-25062 on the market.

Systems affected by the libxml2 vulnerability at a look

Operating methods
Linux, UNIX, Windows

Products
IBM VIOS 3.1 (cpe:/a:ibm:vios)
IBM AIX 7.3 (cpe:/o:ibm:aix)
IBM VIOS 4.1 (cpe:/a:ibm:vios)
IBM AIX 7.2 (cpe:/o:ibm:aix)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
EMC Avamar (cpe:/a:emc:avamar)
Open supply libxml2 Open supply libxml2 Dell NetWorker digital (cpe:/a:dell:networker)

General suggestions for coping with IT vulnerabilities

1. Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. If safety patches can be found, set up them instantly.
2. For info, see the sources listed within the subsequent part. This usually comprises extra details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
3. If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly verify the desired sources to see if a brand new safety replace is offered.

Manufacturer details about updates, patches and workarounds

Here you will see some hyperlinks with details about bug reviews, safety fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3303 vom 2024-05-23 (22.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:3299 vom 2024-05-22 (22.05.2024)
For extra info, see:

IBM Security Bulletin 7150641 vom 2024-05-09 (09.05.2024)
For extra info, see:

Dell Security Advisory DSA-2024-198 vom 2024-05-08 (07.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2679 vom 2024-05-07 (07.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2679 vom 2024-05-02 (02.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1317 vom 2024-03-18 (18.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6658-2 vom 2024-03-11 (11.03.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0613-1 vom 2024-02-26 (26.02.2024)
For extra info, see:

Ubuntu Security Notice USN-6658-1 vom 2024-02-26 (26.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0555-1 vom 2024-02-20 (20.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0556-1 vom 2024-02-20 (20.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0461-1 vom 2024-02-13 (13.02.2024)
For extra info, see:

Gentoo Linux Security Advisory GLSA-202402-11 vom 2024-02-09 (08.02.2024)
For extra info, see:

GitLab Gnome vom 2024-02-04 (04.02.2024)
For extra info, see:

Red Hat bug tracker as of 2024-02-04 (04.02.2024)
For extra info, see:

Version historical past of this safety alert

This is model 12 of this IT safety discover for libxml2. This doc will likely be up to date as extra updates are introduced. You can examine modifications or additions on this model historical past.

02/04/2024 – First model
02/08/2024 – New updates from Gentoo added
02/13/2024 – New updates from SUSE added
02/20/2024 – New updates from SUSE added
02/26/2024 – New updates from Ubuntu and SUSE added
03/11/2024 – Added new character updates
03/18/2024 – New updates from Red Hat have been added
03/27/2024 – New updates from RedHat
May 2, 2024 – New updates from Red Hat added
May 7, 2024 – Added new updates from Oracle Linux and Dell
May 9, 2024 – New updates from IBM and IBM-APAR added
05/22/2024 – New updates from Red Hat have been added

+++ Editorial notice: This doc relies on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de