Advisories » MGASA-2017-0254

Updated perl-XML-LibXML packages fix security vulnerability

Publication date: 10 Aug 2017
Modification date: 10 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10672

Description

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
attackers to execute arbitrary code by controlling the arguments to a
replaceChild call (CVE-2017-10672)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21332
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CYPWMSEV5NK2JJCTOSA6SAI4RG6MVJH5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10672

SRPMS

5/core

• perl-XML-LibXML-2.12.100-1.1.mga5

6/core

• perl-XML-LibXML-2.12.900-1.1.mga6