Security vulnerabilities



openKylin security vulnerability patch bulletin.

Bulletin ID: OKSA-202301-0004

2023-01-16 17:58:54
Description: The libxml2 component has a heap-buffer-overflow defect
Security Level: Critical
Affected versions: openKylin-0.7, openKylin-0.7.5, openKylin-0.9
Affected components: libxml2 <= 2.9.10+dfsg-ok1
Status: fixed


Detailed introduction


1. Fixed security vulnerabilities


Description: libxml2 is an open-source library for parsing XML documents. It is written in C and can be called from many languages, such as C, C++ and XSH. The XML entity encoding function of the libxml2 component has a heap-buffer-overflow defect, which affects the confidentiality and integrity of the system.

2. Affected software packages

libxml2 <= 2.9.10+dfsg-ok1

3. Software package repair version

libxml2 >= 2.9.10+dfsg-ok2

4. Repair method

Method 1: Configure the openKylin software source (the mirror source configured by default)

deb yangtze main cross pty

deb yangtze-security main cross pty

deb yangtze-updates main cross pty

After the configuration is complete, execute the command to update the software package:

sudo apt update

sudo apt install libxml2

Method 2: Download the software package from the software package download address and install it

sudo dpkg -i libxml2_2.9.10+dfsg-ok2_amd64.deb

5. Software package download address

6. Repair verification

Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.

dpkg -l libxml2