libxml2-2.9.7-9.el8.2
Errata ID: AXSA:2021-2193:02
Release date:
2021/07/12 Monday - 06:57
Title:
libxml2-2.9.7-9.el8.2
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
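The following issues have been addressed.
[Security Fix]
- xmllint in libxml2 has a vulnerability in which an attacker can trigger a use-after-free by having xmllint process a crafted file. (CVE-2021-3516)
- The XML entity encoding functionality of libxml2 has a flaw in which an attacker can trigger an out-of-bounds read by having an application linked with the affected libxml2 functionality process a crafted file. (CVE-2021-3517)
- libxml2 has a vulnerability in which an attacker can trigger a use-after-free by having an application linked with libxml2 process a crafted file. (CVE-2021-3518)
- libxml2 does not propagate errors while parsing XML mixed content, which causes a NULL dereference; when an untrusted XML document is parsed in recovery mode and later validated, this can crash the application. (CVE-2021-3537)
- libxml2 has a vulnerability in which an exponential entity expansion attack bypasses all existing protection mechanisms, resulting in denial of service. (CVE-2021-3541)
Solution:
Update the packages.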
CVE:
CVE-2021-3516
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
CVE-2021-3518
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
CVE-2021-3541
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
Additional information:
N/A
Downloads:
SRPMS
- libxml2-2.9.7-9.el8.2.src.rpm
MD5: d9bf31c1cbdb491eee8874e5a8559be7
SHA-256: 5efc5dbfc8c1948ab2ba08cde7e95ed7e43fb68b55ff85f11fb24d31e829d39f
Size: 5.21 MB
Asianux Server 8 for x86_64
- libxml2-2.9.7-9.el8.2.x86_64.rpm
MD5: 09548491344301475de54d63e5ef6711
SHA-256: 236b62b3b4ea1c1f1b98cbe6263a2513cec6dcafdf251e124cb31fc5a13282a6
Size: 694.74 kB
- libxml2-devel-2.9.7-9.el8.2.x86_64.rpm
MD5: 3a22e923090a841746baae96d77a8147
SHA-256: ced993d23fa28027caf9b4ea0668462a6712e0723737b626f6ffc36980598e04
Size: 1.04 MB
- python3-libxml2-2.9.7-9.el8.2.x86_64.rpm
MD5: 6fd05c8c4a016d2132213a2541450b43
SHA-256: 919a338f76cb2505b120d78369466c4a987a29537fa36c63ab7dbdd0ad477761
Size: 236.03 kB
- libxml2-2.9.7-9.el8.2.i686.rpm
MD5: 71afcb32b1dc04c0c99519dec5bc4173
SHA-256: 518322c7379d8499b408328154eb3759609140ca4020b0f46a903a9271366c44
Size: 739.45 kB
- libxml2-devel-2.9.7-9.el8.2.i686.rpm
MD5: 98b408b433005d3cbe0f812bca17aa7b
SHA-256: d3e7a33bd0ae1b21fca6ecc0fbc0e857dd1420f6bd3881c8a19cb4d36dda4a76
Size: 1.04 MB