SCIENTIFIC-LINUX-ERRATA Archives

June 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Kevin Hill <[log in to unmask]>
Date: Thu, 23 Jun 2016 21:52:42 -0000

Synopsis:          Important: libxml2 security update
Advisory ID:       SLSA-2016:1292-1
Issue Date:        2016-06-23
CVE Numbers:       CVE-2016-3627
                   CVE-2016-3705
                   CVE-2016-1833
                   CVE-2016-4447
                   CVE-2016-1835
                   CVE-2016-1837
                   CVE-2016-4448
                   CVE-2016-4449
                   CVE-2016-1836
                   CVE-2016-1839
                   CVE-2016-1838
                   CVE-2016-1840
                   CVE-2016-1834
                   CVE-2016-1762
--

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application. (CVE-2016-1834,
CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
--

SL6
  x86_64
    libxml2-2.7.6-21.el6_8.1.i686.rpm
    libxml2-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
    libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
    libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
  i386
    libxml2-2.7.6-21.el6_8.1.i686.rpm
    libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
    libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
    libxml2-python-2.7.6-21.el6_8.1.i686.rpm
    libxml2-static-2.7.6-21.el6_8.1.i686.rpm
SL7
  x86_64
    libxml2-2.9.1-6.el7_2.3.i686.rpm
    libxml2-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
    libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
    libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
    libxml2-static-2.9.1-6.el7_2.3.i686.rpm
    libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm

- Scientific Linux Development Team
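
A check for whether a host already carries the fixed libxml2 builds listed above, as an added example that is not part of the original advisory. It assumes version-release strings as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' libxml2`; the host names and installed versions are constructed, and the comparison is a simplified form of rpm's ordering (no epoch, `~` or `^` handling).

```python
import re

# Fixed builds, taken from the SL6 and SL7 package lists in the advisory.
FIXED = {"el6": "2.7.6-21.el6_8.1", "el7": "2.9.1-6.el7_2.3"}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 (simplified rpm ordering; assumption: no '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two VERSION-RELEASE strings; version first, then release."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(installed_vr):
    """True if the installed libxml2 is older than the advisory's fixed build."""
    m = re.search(r"\.(el\d+)", installed_vr)
    if not m or m.group(1) not in FIXED:
        raise ValueError("no fixed build listed for: " + installed_vr)
    return compare_vr(installed_vr, FIXED[m.group(1)]) < 0

def audit(inventory):
    """Return the sorted host names whose libxml2 predates the fixed build."""
    return sorted(h for h, vr in inventory.items() if needs_update(vr))

# Constructed inventory: host name -> installed libxml2 VERSION-RELEASE.
SAMPLE = {
    "sl6-web01": "2.7.6-20.el6",
    "sl6-db01": "2.7.6-21.el6_8.1",
    "sl7-build02": "2.9.1-6.el7_2.2",
    "sl7-mail01": "2.9.1-6.el7_2.3",
}

if __name__ == "__main__":
    print("hosts needing the libxml2 update:", audit(SAMPLE))
```

Applications linked against libxml2 keep the old library mapped until they are restarted, so a host that passes this check may still be running the vulnerable code in long-lived processes.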
