Scientific Linux alert SLSA-2020:1190-1 (libxml2)


From:
               Farhan Ahmed <fahmed@fnal.gov> 
To:
               scientific-linux-errata@listserv.fnal.gov 
Subject:
               Security ERRATA Moderate: libxml2 on SL7.x x86_64 
Date:
               Mon, 20 Apr 2020 16:41:45 -0000
Message-ID:
               <20200420164145.21964.21761@slpackages.fnal.gov>
Synopsis:          Moderate: libxml2 security update
Advisory ID:       SLSA-2020:1190-1
Issue Date:        2020-04-07
CVE Numbers:       CVE-2018-14567
                   CVE-2015-8035
                   CVE-2017-18258
                   CVE-2018-14404
                   CVE-2017-15412
                   CVE-2016-5131
--

* libxml2: Use after free triggered by XPointer paths beginning with
    range-to
    
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate()
    function in xpath.c
    
* libxml2: DoS caused by incorrect error detection during XZ decompression
    
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in
    xpath.c
    
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c
    
* libxml2: Infinite loop caused by incorrect error detection during LZMA
    decompression
--

SL7
  x86_64
    libxml2-2.9.1-6.el7.4.x86_64.rpm
    libxml2-devel-2.9.1-6.el7.4.x86_64.rpm
    libxml2-python-2.9.1-6.el7.4.x86_64.rpm
    libxml2-devel-2.9.1-6.el7.4.i686.rpm
    libxml2-2.9.1-6.el7.4.i686.rpm
    libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm
    libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm
    libxml2-static-2.9.1-6.el7.4.i686.rpm
    libxml2-static-2.9.1-6.el7.4.x86_64.rpm

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		scientific-linux-errata@listserv.fnal.gov
Subject:		Security ERRATA Moderate: libxml2 on SL7.x x86_64
Date:		Mon, 20 Apr 2020 16:41:45 -0000
Message-ID:		<20200420164145.21964.21761@slpackages.fnal.gov>