Security vulnerabilities

PATCH

安全漏洞

openKylin 安全漏洞补丁公告。

PATCH

Security vulnerability patch.

PATCH

安全漏洞

openKylin 安全漏洞補丁公告。

Bulletin ID ( OKSA-202301-0003 )

2023-01-16 17:58:54
Description :The libxml2 component has a heap-use-after-free defect
Security Level :Critical
Affected versions :openKylin-0.7, openKylin0.7.5, openKylin0.9
Affected components :libxml2 <= 2.9.10+dfsg-ok1
Status :fixed

详细介绍

Detailed introduction

詳細介紹

1. Fixed security vulnerabilities

CVE-2021-3516

Description: libxml2 is an open source function library for parsing XML documents. It is written in C language and can be called by many languages, such as C language, C++, XSH. The xmllint tool of the libxml2 component has a heap-use-after-free flaw, which affects the confidentiality and integrity of the system.


2. Affected software packages

libxml2 <= 2.9.10+dfsg-ok1


3. Software package repair version

libxml2 >= 2.9.10+dfsg-ok2


4. Repair method

Method 1: Configure the openKylin software source (mirroring the source configured by default)

deb http://archive.build.openkylin.top/openkylin/ yangtze main cross pty

deb http://archive.build.openkylin.top/openkylin/ yangtze-security main cross pty

deb http://archive.build.openkylin.top/openkylin/ yangtze-updates main cross pty

After the configuration is complete, execute the command to update the software package:

sudo apt update

sudo apt install libxml2

Method 2: Download the software package from the software package download address and install it

sudo dpkg -i libxml2_2.9.10+dfsg-ok2_amd64.deb


5. Software package download address

https://translate.google.com/website?sl=zh-CN&tl=en&hl=zh-CN&client=webapp&u=http://archive.build.openkylin.top/openkylin/pool/main/libx/libxml2/libxml2_2.9.10%2Bdfsg-ok2_amd64.deb


6. Repair verification

Use the software package query command to check whether the version of the relevant software package is consistent with the repaired version. If the versions are the same, the repair is successful.

dpkg -l libxml2