Advisories ยป MGASA-2018-0048

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Publication date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4658 , CVE-2016-5131 , CVE-2016-9318 , CVE-2017-0663 , CVE-2017-5130 , CVE-2017-5969 , CVE-2017-7375 , CVE-2017-7376 , CVE-2017-9047 , CVE-2017-9048 , CVE-2017-9049 , CVE-2017-9050 , CVE-2017-15412 , CVE-2017-16932

Description

Use-after-free error could lead to crash (CVE-2016-4658).

Use-after-free vulnerability in libxml2 through 2.9.4 allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function
(CVE-2016-5131).

libxml2 2.9.4 and earlier does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document (CVE-2016-9318).

Heap buffer overflow in xmlAddID (CVE-2017-0663).

Integer overflow in memory debug code in libxml2 before 2.9.5
(CVE-2017-5130).

NULL pointer deref in xmlDumpElementContent (CVE-2017-5969).

Prevent unwanted external entity reference (CVE-2017-7375).

Increase buffer space for port in HTTP redirect support (CVE-2017-7376).

The function xmlSnprintfElementContent in valid.c was vulnerable to a
stack buffer overflow (CVE-2017-9047, CVE-2017-9048).

The function xmlDictComputeFastKey in dict.c was vulnerable to a
heap-based buffer over-read (CVE-2017-9049).

The function xmlDictAddString was vulnerable to a heap-based buffer
over-read (CVE-2017-9050).

It was discovered that libxml2 incorrecty handled certain files. An
attacker could use this issue with specially constructed XML data to
cause libxml2 to consume resources, leading to a denial of service
(CVE-2017-15412).

Wei Lei discovered that libxml2 incorrecty handled certain parameter
entities. An attacker could use this issue with specially constructed
XML data to cause libxml2 to consume resources, leading to a denial of
service (CVE-2017-16932).

The libxml2 package has been updated to version 2.9.7 to fix these
issues and several other bugs.
                

References

SRPMS

5/core