diff --git a/SOURCES/libxml2-2.9.13-CVE-2022-49043.patch b/SOURCES/libxml2-2.9.13-CVE-2022-49043.patch new file mode 100644 index 0000000..e39b0eb --- /dev/null +++ b/SOURCES/libxml2-2.9.13-CVE-2022-49043.patch @@ -0,0 +1,34 @@ +From 6bb146a3ea24a9bacfad6fe67268f0404af37d9c Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Wed, 2 Nov 2022 16:13:27 +0100 +Subject: [PATCH] malloc-fail: Fix use-after-free in xmlXIncludeAddNode + +Found with libFuzzer, see #344. +--- + xinclude.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/xinclude.c b/xinclude.c +index 2a0614d7..e32b3419 100644 +--- a/xinclude.c ++++ b/xinclude.c +@@ -614,14 +614,15 @@ xmlXIncludeAddNode(xmlXIncludeCtxtPtr ctxt, xmlNodePtr cur) { + } + URL = xmlSaveUri(uri); + xmlFreeURI(uri); +- xmlFree(URI); + if (URL == NULL) { + xmlXIncludeErr(ctxt, cur, XML_XINCLUDE_HREF_URI, + "invalid value URI %s\n", URI); + if (fragment != NULL) + xmlFree(fragment); ++ xmlFree(URI); + return(-1); + } ++ xmlFree(URI); + + /* + * If local and xml then we need a fragment +-- +2.48.1 + diff --git a/SPECS/libxml2.spec b/SPECS/libxml2.spec index 60da690..8a0640a 100644 --- a/SPECS/libxml2.spec +++ b/SPECS/libxml2.spec @@ -1,6 +1,6 @@ Name: libxml2 Version: 2.9.13 -Release: 6%{?dist} +Release: 6%{?dist}.1 Summary: Library providing XML and HTML support License: MIT @@ -24,6 +24,8 @@ Patch7: libxml2-2.9.13-CVE-2023-29469.patch Patch8: libxml2-2.11.0-fix-CVE-2023-39615.patch # https://issues.redhat.com/browse/RHEL-34457 Patch9: libxml2-2.11.6-CVE-2024-25062.patch +# https://issues.redhat.com/browse/RHEL-76294 +Patch10: libxml2-2.9.13-CVE-2022-49043.patch BuildRequires: cmake-rpm-macros BuildRequires: gcc @@ -152,6 +154,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Tue Feb 11 2025 David King - 2.9.13-6.1 +- Fix CVE-2022-49043 (RHEL-76294) + * Mon Apr 29 2024 David King - 2.9.13-6 - Fix CVE-2024-25062 (RHEL-29196)