[CLSA-2026:1783006034] Fix CVE(s): CVE-2026-11979
Type:
security
Severity:
Important
Release date:
2026-07-02 15:27:30 UTC
Description:
* SECURITY UPDATE: stack-based buffer overflows in the xmlcatalog utility interactive --shell mode - debian/patches/CVE-2026-11979.patch: Add bounds checks in usershell() in xmlcatalog.c so the command, arg and argv fixed-size stack buffers are not overflowed by an overly long --shell input line - CVE-2026-11979
CVEs fixed:
Updated packages:
  • libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_amd64.deb
    sha:4232b925ed9700f58526b61b6d5efef3b2d776ab
  • libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_amd64.deb
    sha:aa1de8f62992e7a83c481613c6f2b57e54e20f0a
  • libxml2-doc_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_all.deb
    sha:1c082df01ec620ec619adfbf945647eacc40e40a
  • libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_amd64.deb
    sha:060c9d028d18e0123a36e553f741e1f021f3c41b
  • python-libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_amd64.deb
    sha:e88a9be879830588bd9de793391433747d1fffae
  • python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els8_amd64.deb
    sha:8c02e92eca31bd08b6ce48ece1b7f67e625c2264
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.