[CLSA-2021:1640697686] Fix of CVE: CVE-2021-3517, CVE-2017-8872, CVE-2019-20388, CVE-2021-3537, CVE-2021-3541, CVE-2021-3516, CVE-2020-24977, CVE-2021-3518
Type:
security
Severity:
moderate
Release date:
2021-12-28
Description:
- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack - CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push' - CVE-2017-8872.patch: free input buffer in xmlHaltParser - CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream - CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'
Updated packages:
  • libxml2-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm
    sha:6e4bf025db71b163889f0790462442a95ef85abf
  • libxml2-static-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm
    sha:a5905f45f0fcacd4aea6dcb28d9358797f5acee8
  • libxml2-devel-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm
    sha:2f99034b776c25e74fc9a73d08dfe6f1d1136af3
  • libxml2-python-2.7.6-21.el6_8.1.tuxcare.els1.x86_64.rpm
    sha:21c5ea6c7b86c56c0c4990b59db313adf990ba1d
  • libxml2-devel-2.7.6-21.el6_8.1.tuxcare.els1.i686.rpm
    sha:8806820236496b922fc88e9fcee62d4e97c8f036
  • libxml2-2.7.6-21.el6_8.1.tuxcare.els1.i686.rpm
    sha:93963b1c4bb38af180e78826222b4cbc52d094cd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.