Advisories ยป MGASA-2021-0213

Updated libxml2 packages fix security vulnerabilities

Publication date: 19 May 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-3516 , CVE-2021-3517 , CVE-2021-3518 , CVE-2021-3537

Description

The updated packages fix security vulnerabilities:

Use-after-free in xmlEncodeEntitiesInternal() in entities.c.
(CVE-2021-3516)

Heap-based buffer overflow in xmlEncodeEntitiesInternal() in
entities.c. (CVE-2021-3517)

Use-after-free in xmlXIncludeDoProcess() in xinclude.c.
(CVE-2021-3518)

NULL pointer dereference in valid.c in xmlValidBuildAContentModel.
(CVE-2021-3537)
                

References

SRPMS

7/core

8/core