Arch Linux alert ASA-201611-2 (libxml2)
| From: | Levente Polyak <anthraxx@archlinux.org> | |
| To: | arch-security@archlinux.org | |
| Subject: | [arch-security] [ASA-201611-2] libxml2: arbitrary code execution | |
| Date: | Tue, 1 Nov 2016 15:54:56 +0100 | |
| Message-ID: | <5d092540-8425-6fc2-e04a-e3eae8d804a0@archlinux.org> |
Arch Linux Security Advisory ASA-201611-2 ========================================= Severity: Critical Date : 2016-11-01 CVE-ID : CVE-2016-4658 CVE-2016-5131 Package : libxml2 Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libxml2 before version 2.9.4+12+ge905f08-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.9.4+12+ge905f08-1. # pacman -Syu "libxml2>=2.9.4+12+ge905f08-1" The problems have been fixed upstream but no release is available yet. Workaround ========== None. Description =========== - CVE-2016-4658 (arbitrary code execution) A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2. - CVE-2016-5131 (arbitrary code execution) Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use- after-free and allow control of the instruction pointer. Impact ====== A remote attacker is able to use a specially crafted XPath payload to execute arbitrary code. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=1384424 https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121... https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277... https://bugs.chromium.org/p/chromium/issues/detail?id=623378 https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/cve/CVE-2016-5131