[CLSA-2021:1640700669] Fix of CVE: CVE-2021-3518, CVE-2017-8872, CVE-2020-24977, CVE-2021-3537, CVE-2021-3516, CVE-2021-3541, CVE-2019-20388, CVE-2021-3517
Type:
security
Severity:
moderate
Release date:
2021-12-28
Description:
- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack - CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push' - CVE-2017-8872.patch: free input buffer in xmlHaltParser - CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream - CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'
Updated packages:
  • libxml2-python-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
    sha:b99b2475ddfd6c5d1398b085d628e3cd7a9423ad
  • libxml2-devel-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
    sha:e844495f94444419beb8d96795ad439da00156ae
  • libxml2-static-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
    sha:df988e390884a3e4d3d36154398bd81520e73c4a
  • libxml2-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.x86_64.rpm
    sha:48a9363ada2a053b70f034d6bbe3cba389bcbafb
  • libxml2-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.i686.rpm
    sha:597cc006056c10d0c933ef7a923a1af8d14e0432
  • libxml2-devel-2.7.6-21.0.1.el6_8.1.tuxcare.ol.els1.i686.rpm
    sha:745cb31722181fa09ad5ebd13c64f312d2ea4066
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.