Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 494
Alerts This Week
Warning Icon 1 494

Fedora: 25 perl-XML-LibXML Update Critical: Use-After-Free Fix

fedora
Calendar Grey July 25, 2017
Dist Fedora Esm H88
This Fedora 25 patch resolves a significant memory corruption vulnerability in perl-XML-LibXML to improve system safety.
This release fixes a use-after-free in replaceChild() call.

Summary

This module implements a Perl interface to the GNOME libxml2 library

which provides interfaces for parsing and manipulating XML files. This

module allows Perl programmers to make use of the highly capable

validating XML parser and the high performance DOM implementation.

This release fixes a use-after-free in replaceChild() call.

[ 1 ] Bug #1470204 - CVE-2017-10672 perl-XML-LibXML: Use-after-free by controlling the arguments to a replaceChild call

https://bugzilla.redhat.com/show_bug.cgi?id=1470204

su -c 'dnf upgrade perl-XML-LibXML' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 2.0129
Release: 2.fc25
Summary: Perl interface to the libxml2 library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.