libxml2-2.9.1-6.4.0.1.el7.AXS7

Errata ID: AXSA:2020-016:01

Release date: Friday, April 24, 2020 - 04:52
Subject: libxml2-2.9.1-6.4.0.1.el7.AXS7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)

* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)

* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)

* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)

* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)

* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2016-5131
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2017-15412
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CVE-2018-14404
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.1-6.4.0.1.el7.AXS7.src.rpm
    MD5: 07af6d4dbcb6e71d153b1de5772b421c
    SHA-256: cc6512b703f0ca44a242d676a2f74260f9a0daf017720d9fe9d7866a378db5d7
    Size: 5.02 MB

Asianux Server 7 for x86_64
  1. libxml2-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm
    MD5: e31b349a3b6995dd89d0ee249a400ae0
    SHA-256: 8ecbc2417f0580f18ded6e82e29472d82704f72eed78f969d840ef2a8fcf9c93
    Size: 667.67 kB
  2. libxml2-devel-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm
    MD5: 1f4aa82329b788039a1f568e63e5d43a
    SHA-256: 9dab794419bf87237c266ca56250c3cb07c0434eaa26d896a23df80b2195bb2d
    Size: 1.05 MB
  3. libxml2-python-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm
    MD5: 9325735bc8a70f41d36825731a84e37e
    SHA-256: d09c7edcfc765e8fd85ed85c7f63c4b06fa4600e03b833363b6501e542904009
    Size: 246.14 kB
  4. libxml2-2.9.1-6.4.0.1.el7.AXS7.i686.rpm
    MD5: 5b8ddcb6b076562f15dbfea221e90e7e
    SHA-256: 99fda229fc67cfc357d7d439ccc083c3d993e45e1ed86d09357f40fddc5e13bf
    Size: 653.31 kB
  5. libxml2-devel-2.9.1-6.4.0.1.el7.AXS7.i686.rpm
    MD5: 425a9d58d05d4de6ee7b7d283ca6bdcb
    SHA-256: fa74ae932b094f430ccc0f56deca925df41b00d7ff5e55cfc3cb25310c9ae859
    Size: 1.05 MB
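As an added example (it is not part of the advisory and not an Asianux tool), the following POSIX shell script checks downloaded packages against the SHA-256 values listed in the Download section above before they are installed. The manifest is copied from this page; the download directory and the use of `sha256sum` from coreutils are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Asianux errata: verify downloaded RPMs
# against the SHA-256 values published on this page before updating.
# Assumes sha256sum (coreutils) is available; the directory is an assumption.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the file's SHA-256 equals EXPECTED_HEX, 1 when the file is
# missing or the digest differs.
verify_sha256() {
    file=$1
    expected=$2
    if [ ! -f "$file" ]; then
        echo "MISSING  $file" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (expected $expected, got $actual)" >&2
    return 1
}

# Manifest taken from the Download section of this errata (x86_64 channel),
# as whitespace-separated "filename:sha256" tokens.
MANIFEST="\
libxml2-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm:8ecbc2417f0580f18ded6e82e29472d82704f72eed78f969d840ef2a8fcf9c93 \
libxml2-devel-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm:9dab794419bf87237c266ca56250c3cb07c0434eaa26d896a23df80b2195bb2d \
libxml2-python-2.9.1-6.4.0.1.el7.AXS7.x86_64.rpm:d09c7edcfc765e8fd85ed85c7f63c4b06fa4600e03b833363b6501e542904009 \
libxml2-2.9.1-6.4.0.1.el7.AXS7.i686.rpm:99fda229fc67cfc357d7d439ccc083c3d993e45e1ed86d09357f40fddc5e13bf \
libxml2-devel-2.9.1-6.4.0.1.el7.AXS7.i686.rpm:fa74ae932b094f430ccc0f56deca925df41b00d7ff5e55cfc3cb25310c9ae859"

# verify_manifest DIR
# Checks every package in MANIFEST under DIR. Returns 0 only if all match;
# a single missing or altered file makes the whole run fail.
verify_manifest() {
    dir=$1
    status=0
    for entry in $MANIFEST; do
        name=${entry%%:*}
        sum=${entry#*:}
        verify_sha256 "$dir/$name" "$sum" || status=1
    done
    return $status
}

# Usage: sh verify-libxml2-errata.sh /path/to/downloaded/rpms
# (path is an assumption; nothing is installed by this script).
if [ -n "${1:-}" ]; then
    if verify_manifest "$1"; then
        echo "All checksums match; apply the update with:"
        echo "  yum update libxml2 libxml2-devel libxml2-python"
    else
        echo "Checksum verification failed; do not install." >&2
        exit 1
    fi
fi
```

A checksum match shows the files are the ones the errata describes; `rpm --checksig` on the same files additionally verifies the vendor GPG signature, and `rpm -q libxml2` after the update should report 2.9.1-6.4.0.1.el7.AXS7.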