AXSA:2021-2474:03

Release date: 
Wednesday, October 13, 2021 - 17:41
Subject: 
libxml2-2.9.1-6.6.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2016-4658
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Solution: 

Update packages.

CVEs: 
CVE-2016-4658
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.9.1-6.6.0.1.el7.AXS7.src.rpm
    MD5: 63fdcd794aedec5e81d74ab5a8ee5205
    SHA-256: 179fc7dde57508d89383d1190f66555ac4514e8654222b803ba6cf2299037a69
    Size: 5.03 MB

Asianux Server 7 for x86_64
  1. libxml2-2.9.1-6.6.0.1.el7.AXS7.x86_64.rpm
    MD5: 48a50648ad8c716e7ec60f4ae79e699f
    SHA-256: 9e4b3088eed7632a66bc2bc5fc42818963324a17a0d7d45f8d0f737fb8b6ee88
    Size: 667.45 kB
  2. libxml2-devel-2.9.1-6.6.0.1.el7.AXS7.x86_64.rpm
    MD5: 0a6b9ef134f76836b25824bc1a7a3b6b
    SHA-256: 648978e38263e9a8d02d3bbe32ffcf41dd3f626b6c466d8aac60357345b0a85e
    Size: 1.05 MB
  3. libxml2-python-2.9.1-6.6.0.1.el7.AXS7.x86_64.rpm
    MD5: 667d1de8db624c34cb162133907eeb5a
    SHA-256: a372c9378ba461cc0aacc22d00ce3f8aff36375a4506e8fe3cc39ae405fe6d1c
    Size: 246.40 kB
  4. libxml2-2.9.1-6.6.0.1.el7.AXS7.i686.rpm
    MD5: 58316795feeb1ae16075ff83c7eadd7c
    SHA-256: 7df4bdf653a52cdca91d892d64f944bbe6aefe51a11de0aae6ef60a12bd6dfa8
    Size: 653.51 kB
  5. libxml2-devel-2.9.1-6.6.0.1.el7.AXS7.i686.rpm
    MD5: 3f46d5e78d1b41272725b232ce5545d4
    SHA-256: a67c2fe63dd4373f069b090f890fc72068ad4677c356f173ec8ed99756a8e666
    Size: 1.05 MB
Copyright© 2007-2015 Asianux. All rights reserved.