LibXML2 Update for Slackware Linux
Slackware Linux has released updates to the libxml2 package in response to a critical security issue. This update addresses an integer overflow vulnerability that could potentially allow for out-of-bounds array access, a significant concern for system integrity and security.
Update Details:
- Affected Versions: The new packages are available for both Slackware 15.0 and the -current branch.
- Patch Information: The updated libxml2 package version 2.11.9 for Slackware 15.0 includes a patch that limits the size of 2D arrays to XML_MAX_ITEMS (1e9), thereby preventing the overflow of integer indexes. This fix is crucial for maintaining the stability and security of applications that rely on libxml2 for XML parsing and processing.
Package Availability:
The updated packages can be found at the following links:
- For Slackware 15.0 (i586):
- [libxml2-2.11.9-i586-7_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-7_slack15.0.txz)
- For Slackware 15.0 (x86_64):
- [libxml2-2.11.9-x86_64-7_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-7_slack15.0.txz)
- For Slackware -current (i686):
- [libxml2-2.14.6-i686-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.14.6-i686-1.txz)
- For Slackware -current (x86_64):
- [libxml2-2.14.6-x86_64-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.14.6-x86_64-1.txz)
MD5 Checksums:
To ensure the integrity of the downloaded packages, the following MD5 signatures are provided:
- Slackware 15.0 (i586): `149967f5de1fc280a1739a023b831335`
- Slackware 15.0 (x86_64): `437c8dd2b686028a3422d232ef4db087`
- Slackware -current (i686): `a5528bce437a22a91ab6f52a915af2a2`
- Slackware -current (x86_64): `54e54d8e7d4bc0319503190c582bff55`
Installation Instructions:
To upgrade the package, users should execute the following command as the root user:
This update is crucial for users who rely on libxml2, ensuring that their systems remain secure against potential exploits.
Acknowledgments:
Special thanks to the OSU Open Source Lab for their generous support in providing FTP and rsync hosting for the Slackware project.
For further information and additional resources, users can visit [Slackware's official website](http://slackware.com).
Conclusion:
Maintaining updated packages is essential for the security and stability of any Linux distribution. Slackware users are encouraged to promptly apply this update to mitigate potential risks associated with the identified vulnerability in libxml2
Slackware Linux has released updates to the libxml2 package in response to a critical security issue. This update addresses an integer overflow vulnerability that could potentially allow for out-of-bounds array access, a significant concern for system integrity and security.
Update Details:
- Affected Versions: The new packages are available for both Slackware 15.0 and the -current branch.
- Patch Information: The updated libxml2 package version 2.11.9 for Slackware 15.0 includes a patch that limits the size of 2D arrays to XML_MAX_ITEMS (1e9), thereby preventing the overflow of integer indexes. This fix is crucial for maintaining the stability and security of applications that rely on libxml2 for XML parsing and processing.
Package Availability:
The updated packages can be found at the following links:
- For Slackware 15.0 (i586):
- [libxml2-2.11.9-i586-7_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-7_slack15.0.txz)
- For Slackware 15.0 (x86_64):
- [libxml2-2.11.9-x86_64-7_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-7_slack15.0.txz)
- For Slackware -current (i686):
- [libxml2-2.14.6-i686-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.14.6-i686-1.txz)
- For Slackware -current (x86_64):
- [libxml2-2.14.6-x86_64-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.14.6-x86_64-1.txz)
MD5 Checksums:
To ensure the integrity of the downloaded packages, the following MD5 signatures are provided:
- Slackware 15.0 (i586): `149967f5de1fc280a1739a023b831335`
- Slackware 15.0 (x86_64): `437c8dd2b686028a3422d232ef4db087`
- Slackware -current (i686): `a5528bce437a22a91ab6f52a915af2a2`
- Slackware -current (x86_64): `54e54d8e7d4bc0319503190c582bff55`
Installation Instructions:
To upgrade the package, users should execute the following command as the root user:
bashupgradepkg libxml2-2.11.9-i586-7_slack15.0.txz
This update is crucial for users who rely on libxml2, ensuring that their systems remain secure against potential exploits.
Acknowledgments:
Special thanks to the OSU Open Source Lab for their generous support in providing FTP and rsync hosting for the Slackware project.
For further information and additional resources, users can visit [Slackware's official website](http://slackware.com).
Conclusion:
Maintaining updated packages is essential for the security and stability of any Linux distribution. Slackware users are encouraged to promptly apply this update to mitigate potential risks associated with the identified vulnerability in libxml2
LibXML2 update for Slackware Linux
A security issue has been fixed in libxml2, and new packages are available for Slackware 15.0 and -current to address the issue. The update fixes an integer overflow vulnerability that could lead to out-of-bounds array access.
libxml2 (SSA:2025-251-01)
