Release Info

Advisory: CLSA-2021:1640700669

OS: Oracle Linux 6 ELS

Public date: 2021-12-28 00:00:00

Project: libxml2

Version: 2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1

Errata link: https://errata.cloudlinux.com/ol6/CLSA-2021-1640700669.html

Changelog

- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities
- CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd'
- CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv
- CVE-2021-3541.patch: parser fix for the billion laughs attack
- CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push'
- CVE-2017-8872.patch: free input buffer in xmlHaltParser
- CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream
- CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'

Update

Update command: yum update libxml2*

Packages list

libxml2-python-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
libxml2-devel-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
libxml2-static-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
libxml2-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
libxml2-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.i686.rpm
libxml2-devel-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.i686.rpm

CVEs

CVE-2021-3537
CVE-2021-3541
CVE-2021-3518
CVE-2021-3516
CVE-2021-3517
CVE-2020-24977
CVE-2017-8872
CVE-2019-20388