Important CentOS libxml2 Security Update

Metadata

high
unknown
libxml2-2.7.6-21.el6_8.1.i686.rpm, libxml2-2.7.6-21.el6_8.1.src.rpm, libxml2-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-2.9.1-6.el7_2.3.i686.rpm, libxml2-2.9.1-6.el7_2.3.src.rpm, libxml2-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-devel-2.7.6-21.el6_8.1.i686.rpm, libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-devel-2.9.1-6.el7_2.3.i686.rpm, libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-python-2.7.6-21.el6_8.1.i686.rpm, libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-static-2.7.6-21.el6_8.1.i686.rpm, libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-static-2.9.1-6.el7_2.3.i686.rpm, libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
rhn.redhat.com, lists.centos.org, lists.centos.org
2016-06-23
2018-01-18 11:12
2017-07-27 19:11
2017-04-01 19:09
2017-01-05 20:14

Description


An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 18 July 2016]
This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release  Package         Patched in
6        libxml2         libxml2-2.7.6-21.el6_8.1.src.rpm
6        libxml2         libxml2-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2         libxml2-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-devel   libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-devel   libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2-python  libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2-python  libxml2-python-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-static  libxml2-static-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-static  libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.src.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.i686.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-devel   libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
7        libxml2-devel   libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-python  libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-static  libxml2-static-2.9.1-6.el7_2.3.i686.rpm
7        libxml2-static  libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
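The following Python script is an added example, not part of this advisory and not Appcanary's or Red Hat's own tooling. It answers the "Am I vulnerable?" question above offline: it parses name-version-release.arch strings of the form used in the table, and compares an installed libxml2 build (as printed by `rpm -qa 'libxml2*'`) against the patched builds for EL6 and EL7 using an rpmvercmp-style ordering (numeric segments compared as integers, a numeric segment newer than an alphabetic one, `~` sorting before anything). The `PATCHED` table is filled from the advisory; the function names and the sample `rpm -qa` lines are assumptions constructed for the example, and epochs are not handled because libxml2 carries none.

```python
import re
from typing import Dict, List, Optional, Tuple

# Patched (version, release) per CentOS/RHEL major release, taken from the
# advisory's "Affected package information" table. All libxml2 sub-packages
# (libxml2-devel, libxml2-python, libxml2-static) share the same build.
PATCHED: Dict[str, Tuple[str, str]] = {
    "6": ("2.7.6", "21.el6_8.1"),
    "7": ("2.9.1", "6.el7_2.3"),
}

# name-version-release.arch; the greedy name group makes "libxml2-python" parse correctly.
_NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(nvra: str) -> Tuple[str, str, str, str]:
    """Split 'libxml2-python-2.7.6-21.el6_8.1.x86_64[.rpm]' into (name, version, release, arch).
    Epochs are not handled (assumption: libxml2 has none)."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    m = _NVRA_RE.match(nvra)
    if not m:
        raise ValueError(f"not a name-version-release.arch string: {nvra!r}")
    return m["name"], m["version"], m["release"], m["arch"]


def _segments(s: str) -> List[str]:
    # rpm compares runs of digits and runs of letters separately; '~' is a pre-release marker.
    return re.findall(r"~|\d+|[A-Za-z]+", s)


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 in the style of rpm's rpmvercmp(): numeric segments compare as
    integers, a numeric segment beats an alphabetic one, and the longer string wins
    unless its extra part starts with '~'."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != "~":
                return 1   # b has the tilde, so a is newer
            if y != "~":
                return -1  # a has the tilde, so a is older
            continue
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit():
            c = 1
        elif y.isdigit():
            c = -1
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    if len(sa) == len(sb):
        return 0
    common = min(len(sa), len(sb))
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    return -sign if longer[common] == "~" else sign


def is_patched(nvra: str, advisory: Dict[str, Tuple[str, str]] = PATCHED) -> Optional[bool]:
    """True if the installed libxml2 package is at or above the advisory's patched build,
    False if it is older, None if its EL major release is not covered by this advisory."""
    name, version, release, _arch = parse_nvra(nvra)
    if name != "libxml2" and not name.startswith("libxml2-"):
        raise ValueError(f"not a libxml2 package: {name}")
    m = re.search(r"\.el(\d+)", release)
    if not m:
        raise ValueError(f"cannot determine EL major release from {release!r}")
    target = advisory.get(m.group(1))
    if target is None:
        return None
    patched_version, patched_release = target
    # Version decides first; only an equal version falls through to the release comparison.
    cmp = rpmvercmp(version, patched_version) or rpmvercmp(release, patched_release)
    return cmp >= 0


def check_installed(rpm_qa_lines: List[str]) -> Dict[str, Optional[bool]]:
    """Map each non-empty `rpm -qa 'libxml2*'` output line to its patched status."""
    return {line.strip(): is_patched(line.strip()) for line in rpm_qa_lines if line.strip()}


if __name__ == "__main__":
    # Constructed sample of `rpm -qa 'libxml2*'` output; not taken from a real host.
    sample = [
        "libxml2-2.7.6-20.el6.x86_64",             # older than the el6 fix
        "libxml2-python-2.7.6-21.el6_8.1.x86_64",  # exactly the patched el6 build
        "libxml2-2.9.1-6.el7_2.2.x86_64",          # one release behind the el7 fix
        "libxml2-devel-2.9.1-6.el7_2.3.x86_64",    # patched el7 build
    ]
    for pkg, ok in check_installed(sample).items():
        state = "patched" if ok else ("VULNERABLE" if ok is False else "not covered")
        print(f"{pkg}: {state}")
```

On a CentOS host the input is simply the output of `rpm -qa 'libxml2*'`; a result of None means the package belongs to a release this advisory does not cover (for example EL5), so it must be checked against its own advisory rather than assumed safe.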