Advisory: CLSA-2022:1641903536
OS: CentOS 6 ELS
Public date: 2021-12-28 00:00:00
Project: libxml2
Version: 2.7.6-21.el6_8.1.tuxcare.els1
Errata link: https://errata.cloudlinux.com/els6/CLSA-2021-1640697315.html
- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack - CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push' - CVE-2017-8872.patch: free input buffer in xmlHaltParser - CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream - CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'
Update command: yum update libxml2*
libxml2-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.tuxcare.els1.i686.rpm libxml2-2.7.6-21.el6_8.1.tuxcare.els1.i686.rpm libxml2-python-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm libxml2-static-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm libxml2-devel-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm