Release Info

Advisory: CLSA-2021:1640700710

OS: Ubuntu 16.04 ELS

Public date: 2021-12-28

Project: libxml2

Version: 2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2021-1640700710.html

Changelog

* SECURITY UPDATE: Out-of-bounds array access
  - debian/patches/CVE-2021-3517.patch: Validate UTF8 in xmlEncodeEntities
  - CVE-2021-3517
* SECURITY UPDATE: Use-after-free error
  - debian/patches/CVE-2021-3518.patch: Fix use-after-free with 'xmllint --xinclude --dropdtd'
  - CVE-2021-3518
* SECURITY UPDATE: Null pointer dereference while parsing in recovery mode
  - debian/patches/CVE-2021-3537.patch: Propagate error in xmlParseElementChildrenContentDeclPriv
  - CVE-2021-3537
* SECURITY UPDATE: Parser fix for the billion laughs attack
  - debian/patches/CVE-2021-3541.patch: Fix parameter entities expansion in xmlParserEntityCheck
  - CVE-2021-3541
* SECURITY UPDATE: Miscalculation of available bytes when parsing
  - debian/patches/CVE-2017-8872.patch: Free input buffer in xmlHaltParser
  - CVE-2017-8872
* SECURITY UPDATE: Memory leak
  - debian/patches/CVE-2019-20388.patch: Fix memory leak in xmlSchemaValidateStream
  - CVE-2019-20388
* SECURITY UPDATE: Out-of-bounds array access
  - debian/patches/CVE-2020-24977.patch: Fix out-of-bounds read with 'xmllint --htmlout'
  - CVE-2020-24977
* SECURITY UPDATE: Use-after-free error
  - debian/patches/CVE-2021-3516.patch: Fix use-after-free with 'xmllint --html --push'
  - CVE-2021-3516

Update

Update command:

    apt-get update
    apt-get --only-upgrade install 'libxml2*'

Packages list

libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1_amd64.deb
libxml2-dev_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1_amd64.deb
libxml2-doc_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1_all.deb
libxml2-utils_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1_amd64.deb
python-libxml2_2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1_amd64.deb

CVEs

CVE-2020-24977
CVE-2021-3541
CVE-2021-3516
CVE-2019-20388
CVE-2017-8872
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537