Important CentOS libxml2 Security Update

Metadata

critical
10.0
libxml2-2.7.6-21.el6_8.1.i686.rpm, libxml2-2.7.6-21.el6_8.1.src.rpm, libxml2-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-2.9.1-6.el7_2.3.i686.rpm, libxml2-2.9.1-6.el7_2.3.src.rpm, libxml2-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-devel-2.7.6-21.el6_8.1.i686.rpm, libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-devel-2.9.1-6.el7_2.3.i686.rpm, libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-python-2.7.6-21.el6_8.1.i686.rpm, libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm, libxml2-static-2.7.6-21.el6_8.1.i686.rpm, libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm, libxml2-static-2.9.1-6.el7_2.3.i686.rpm, libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449
rhn.redhat.com, lists.centos.org, lists.centos.org
2016-06-23
2017-07-27 19:11
ALAS-2016-719
Denial of service or RCE from libxml2 and libxslt
2017-04-01 19:09
2017-01-05 20:14

Description


An update for libxml2 is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 18 July 2016]
This advisory has been updated to push packages into the Red Hat Enterprise Linux 6 Desktop channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Affected package information

Release  Package         Patched in
6        libxml2         libxml2-2.7.6-21.el6_8.1.src.rpm
6        libxml2         libxml2-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2         libxml2-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-devel   libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-devel   libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2-python  libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
6        libxml2-python  libxml2-python-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-static  libxml2-static-2.7.6-21.el6_8.1.i686.rpm
6        libxml2-static  libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.src.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.i686.rpm
7        libxml2         libxml2-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-devel   libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
7        libxml2-devel   libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-python  libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
7        libxml2-static  libxml2-static-2.9.1-6.el7_2.3.i686.rpm
7        libxml2-static  libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
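
Checking an installed libxml2 against the "Patched in" builds above needs RPM-style version ordering, because plain string comparison ranks release 4 above release 21. The following is an added example, not part of the advisory or of Appcanary's tooling: it uses a simplified rpmvercmp (no epoch, tilde or caret handling), and the host names and the installed versions in SAMPLE are constructed.

```python
import re

# Patched (version, release) per major release, from the table above.
PATCHED = {"6": ("2.7.6", "21.el6_8.1"), "7": ("2.9.1", "6.el7_2.3")}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric runs compare as integers
        elif x.isdigit():
            return 1                   # a numeric run is newer than a letter run
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(major, installed):
    """installed is 'VERSION-RELEASE', e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}' libxml2"""
    version, _, release = installed.partition("-")
    fixed_version, fixed_release = PATCHED[major]
    return (rpm_cmp(version, fixed_version)
            or rpm_cmp(release, fixed_release)) >= 0

# Constructed sample inventory: host -> (major release, installed libxml2).
SAMPLE = {
    "web01": ("6", "2.7.6-21.el6_8.1"),
    "web02": ("6", "2.7.6-4.el6"),
    "db01": ("7", "2.9.1-6.el7_2.2"),
    "db02": ("7", "2.9.1-6.el7.4"),
}

def unpatched(inventory):
    """Hosts whose libxml2 build is older than the patched build."""
    return sorted(host for host, (major, evr) in inventory.items()
                  if not is_patched(major, evr))

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

Applications that were already running when the package was updated keep the old library mapped until they are restarted.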