Synopsis: Moderate: libxml2 security update
Advisory ID: SLSA-2020:1190-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-14567
CVE-2015-8035
CVE-2017-18258
CVE-2018-14404
CVE-2017-15412
CVE-2016-5131
—
* libxml2: Use after free triggered by XPointer paths beginning with
range-to
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate()
function in xpath.c
* libxml2: DoS caused by incorrect error detection during XZ decompression
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in
xpath.c
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c
* libxml2: Infinite loop caused by incorrect error detection during LZMA
decompression
—
SL7
x86_64
libxml2-2.9.1-6.el7.4.x86_64.rpm
libxml2-devel-2.9.1-6.el7.4.x86_64.rpm
libxml2-python-2.9.1-6.el7.4.x86_64.rpm
libxml2-devel-2.9.1-6.el7.4.i686.rpm
libxml2-2.9.1-6.el7.4.i686.rpm
libxml2-debuginfo-2.9.1-6.el7.4.i686.rpm
libxml2-debuginfo-2.9.1-6.el7.4.x86_64.rpm
libxml2-static-2.9.1-6.el7.4.i686.rpm
libxml2-static-2.9.1-6.el7.4.x86_64.rpm
– Scientific Linux Development Team
