
Scientific Linux: SLSA-2016:1292-1 Critical Libxml2 Buffer Overflow

Important: libxml2 security update
Date: Thu, 23 Jun 2016 21:52:42 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Important: libxml2 on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160623215242.14337.75709@slpackages.fnal.gov>

Synopsis: Important: libxml2 security update
Advisory ID: SLSA-2016:1292-1
Issue Date: 2016-06-23
CVE Numbers: CVE-2016-3627
 CVE-2016-3705
 CVE-2016-1833
 CVE-2016-4447
 CVE-2016-1835
 CVE-2016-1837
 CVE-2016-4448
 CVE-2016-4449
 CVE-2016-1836
 CVE-2016-1839
 CVE-2016-1838
 CVE-2016-1840
 CVE-2016-1834
 CVE-2016-1762
--

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application. (CVE-2016-1834,
CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
--

SL6
  x86_64
    libxml2-2.7.6-21.el6_8.1.i686.rpm
    libxml2-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
    libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
  i386
    libxml2-2.7.6-21.el6_8.1.i686.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
    libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
    libxml2-python-2.7.6-21.el6_8.1.i686.rpm
    libxml2-static-2.7.6-21.el6_8.1.i686.rpm
SL7
  x86_64
    libxml2-2.9.1-6.el7_2.3.i686.rpm
    libxml2-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
    libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-static-2.9.1-6.el7_2.3.i686.rpm
    libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

- Scientific Linux Development Team
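
Added example, not part of the original advisory or of Scientific Linux tooling: a check that compares installed libxml2 builds against the fixed builds listed above (2.7.6-21.el6_8.1 for SL6, 2.9.1-6.el7_2.3 for SL7). The version comparison is a simplified form of rpm's algorithm, the sample rpm query output is constructed, and the function names are hypothetical.

```python
import re

# Fixed libxml2 builds (version, release) taken from the advisory's package list.
FIXED = {"el6": ("2.7.6", "21.el6_8.1"), "el7": ("2.9.1", "6.el7_2.3")}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'libxml2*'
SAMPLE = """\
libxml2 2.7.6 20.el6_7.1 x86_64
libxml2-python 2.7.6 21.el6_8.1 x86_64
libxml2 2.9.1 6.el7_2.3 i686
libxml2 2.9.1 5.el7_1.2 x86_64
"""

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def is_patched(version, release):
    """True if version-release is at or above the advisory's fixed build for its dist."""
    m = re.search(r"\.(el\d+)", release)
    if not m or m.group(1) not in FIXED:
        raise ValueError("not an SL6/SL7 build: " + release)
    fixed_version, fixed_release = FIXED[m.group(1)]
    return (rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)) >= 0

def audit(rpm_output):
    """Return [(name, arch, patched)] for each line of the rpm query output."""
    rows = []
    for line in rpm_output.strip().splitlines():
        name, version, release, arch = line.split()
        rows.append((name, arch, is_patched(version, release)))
    return rows

if __name__ == "__main__":
    for name, arch, ok in audit(SAMPLE):
        print(f"{name}.{arch}: {'patched' if ok else 'VULNERABLE, update required'}")
```

Long-running applications linked against libxml2 keep the old library mapped until they are restarted, so an up-to-date package alone does not mean a running process is using the fixed code.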
