摘要:
tinyxml security update
安全等级: High
公告ID: KylinSec-SA-2024-4944
发布日期: 2025年2月25日
关联CVE: CVE-2023-34194
TinyXML parses an XML document, and builds from that a Document Object Model (DOM) that can be read, modified, and saved. XML is a very structured and convenient format. All those random file formats created to store application data can all be replaced with XML. One parser for everything.
Security Fix(es):
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.(CVE-2023-34194)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-34194 | KY3.5.2 | tinyxml | Fixed |
| CVE-2023-34194 | KY3.5.3 | tinyxml | Fixed |
| CVE-2023-34194 | V6 | tinyxml | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| tinyxml | x86_64 | 2.6.2-24.ks6 |
| tinyxml-devel | x86_64 | 2.6.2-24.ks6 |
| tinyxml | aarch64 | 2.6.2-24.ks6 |
| tinyxml-devel | aarch64 | 2.6.2-24.ks6 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| tinyxml | x86_64 | 2.6.2-24.ky3_5 |
| tinyxml-devel | x86_64 | 2.6.2-24.ky3_5 |
| tinyxml | aarch64 | 2.6.2-24.ky3_5 |
| tinyxml-devel | aarch64 | 2.6.2-24.ky3_5 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| tinyxml | x86_64 | 2.6.2-24.ky3_5 |
| tinyxml-devel | x86_64 | 2.6.2-24.ky3_5 |
| tinyxml | aarch64 | 2.6.2-24.ky3_5 |
| tinyxml-devel | aarch64 | 2.6.2-24.ky3_5 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
