logo
DATABASE RESOURCES PRICING ABOUT US

Medium: libxml2

Description

**Issue Overview:** xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. (CVE-2019-19956) A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. (CVE-2019-20388) xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. (CVE-2020-7595) **Affected Packages:** libxml2 **Issue Correction:** Run _yum update libxml2_ to update your system. **New Packages:** i686:     libxml2-debuginfo-2.9.1-6.4.41.amzn1.i686     libxml2-python26-2.9.1-6.4.41.amzn1.i686     libxml2-python27-2.9.1-6.4.41.amzn1.i686     libxml2-devel-2.9.1-6.4.41.amzn1.i686     libxml2-static-2.9.1-6.4.41.amzn1.i686     libxml2-2.9.1-6.4.41.amzn1.i686 src:     libxml2-2.9.1-6.4.41.amzn1.src x86_64:     libxml2-python26-2.9.1-6.4.41.amzn1.x86_64     libxml2-devel-2.9.1-6.4.41.amzn1.x86_64     libxml2-debuginfo-2.9.1-6.4.41.amzn1.x86_64     libxml2-python27-2.9.1-6.4.41.amzn1.x86_64     libxml2-static-2.9.1-6.4.41.amzn1.x86_64     libxml2-2.9.1-6.4.41.amzn1.x86_64 ### Additional References Red Hat: [CVE-2019-19956](<https://access.redhat.com/security/cve/CVE-2019-19956>), [CVE-2019-20388](<https://access.redhat.com/security/cve/CVE-2019-20388>), [CVE-2020-7595](<https://access.redhat.com/security/cve/CVE-2020-7595>) Mitre: [CVE-2019-19956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956>), [CVE-2019-20388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388>), [CVE-2020-7595](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595>)


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 1 libxml2-debuginfo 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-python26 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-python27 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-devel 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-static 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-python26 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-devel 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-debuginfo 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-python27 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2-static 2.9.1-6.4.41.amzn1
Amazon Linux 1 libxml2 2.9.1-6.4.41.amzn1

Related