Fix CVE-2024-25062 (RHEL-29196)

Resolves: RHEL-29196

libxml2-2.11.6-CVE-2024-25062.patch

@@ -0,0 +1,29 @@
+From 2b0aac140d739905c7848a42efc60bfe783a39b7 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 14 Oct 2023 22:45:54 +0200
+Subject: [PATCH] [CVE-2024-25062] xmlreader: Don't expand XIncludes when
+ backtracking
+
+Fixes a use-after-free if XML Reader if used with DTD validation and
+XInclude expansion.
+
+Fixes #604.
+---
+ xmlreader.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index 979385a13..fefd68e0b 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -1443,6 +1443,7 @@ node_found:
+      * Handle XInclude if asked for
+      */
+     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
++        (reader->state != XML_TEXTREADER_BACKTRACK) &&
+         (reader->node != NULL) &&
+ 	(reader->node->type == XML_ELEMENT_NODE) &&
+ 	(reader->node->ns != NULL) &&
+-- 
+GitLab
+

libxml2.spec

@@ -1,6 +1,6 @@
 Name:           libxml2
 Version:        2.9.13
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Library providing XML and HTML support
 
 License:        MIT
@@ -22,6 +22,8 @@ Patch6:         libxml2-2.9.13-CVE-2023-28484.2.patch
 Patch7:         libxml2-2.9.13-CVE-2023-29469.patch
 # https://issues.redhat.com/browse/RHEL-5180
 Patch8:         libxml2-2.11.0-fix-CVE-2023-39615.patch
+# https://issues.redhat.com/browse/RHEL-34457
+Patch9:         libxml2-2.11.6-CVE-2024-25062.patch
 
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
@@ -150,6 +152,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %{python3_sitearch}/libxml2mod.so
 
 %changelog
+* Mon Apr 29 2024 David King <amigadave@amigadave.com> - 2.9.13-6
+- Fix CVE-2024-25062 (RHEL-29196)
+
 * Thu Sep 14 2023 David King <amigadave@amigadave.com> - 2.9.13-5
 - Fix CVE-2023-39615 (RHEL-5180)