CLSA-2022-1670518262

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2022-1670518262

Upstream

CVE-2022-40303

CVE-2022-40304

Published

2022-12-08T16:51:02Z

Modified

2026-06-04T09:45:53.179643502Z

Summary

Fix CVE(s): CVE-2022-40303, CVE-2022-40304

Details

SECURITY UPDATE: Integer overflows with XMLPARSEHUGE
- debian/patches/CVE-2022-40303.patch: Impose size limits when XMLPARSEHUGE is set and add length checks to core parser functions
- CVE-2022-40303
SECURITY UPDATE: Dict corruption caused by entity reference cycles
- debian/patches/CVE-2022-40304.patch: Stop storing entity content, orig, ExternalID and SystemID in a dict since these values are unlikely to occur multiple times in a document, so they shouldn't have been stored in a dict in the first place
- CVE-2022-40304

References

https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1670518262

Affected packages

TuxCare:Ubuntu:16.04 / libxml2

Package

Name: libxml2
Purl: pkg:deb/tuxcare/libxml2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json"

TuxCare:Ubuntu:16.04 / libxml2-dev

Package

Name: libxml2-dev
Purl: pkg:deb/tuxcare/libxml2-dev?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json"

TuxCare:Ubuntu:16.04 / libxml2-doc

Package

Name: libxml2-doc
Purl: pkg:deb/tuxcare/libxml2-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json"

TuxCare:Ubuntu:16.04 / libxml2-utils

Package

Name: libxml2-utils
Purl: pkg:deb/tuxcare/libxml2-utils?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json"

TuxCare:Ubuntu:16.04 / python-libxml2

Package

Name: python-libxml2
Purl: pkg:deb/tuxcare/python-libxml2?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+tuxcare.els5

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2022-1670518262.json"