{"id":"MGASA-2023-0279","summary":"Updated libxml2 packages fix a security vulnerability","details":"The updated packages fix a security vulnerability:\n\nLibxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability\nallows attackers to cause a Denial of Service (DoS) via supplying a\ncrafted XML file. (CVE-2023-39615).\n","modified":"2026-04-16T00:10:01.072249299Z","published":"2023-09-30T19:15:40Z","upstream":["CVE-2023-39615"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0279.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32304"},{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2023-September/016186.html"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.10-7.8.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0279.json"}},{"package":{"name":"libxml2","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.4-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0279.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}