
Medium: libxml2

Description

**Issue Overview:**

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. (CVE-2016-4658)

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. (CVE-2017-16931)

**Affected Packages:**

libxml2

**Issue Correction:**

Run _yum update libxml2_ to update your system.

**New Packages:**

aarch64:
    libxml2-2.9.1-6.amzn2.3.3.aarch64
    libxml2-devel-2.9.1-6.amzn2.3.3.aarch64
    libxml2-static-2.9.1-6.amzn2.3.3.aarch64
    libxml2-python-2.9.1-6.amzn2.3.3.aarch64
    libxml2-debuginfo-2.9.1-6.amzn2.3.3.aarch64

i686:
    libxml2-2.9.1-6.amzn2.3.3.i686
    libxml2-devel-2.9.1-6.amzn2.3.3.i686
    libxml2-static-2.9.1-6.amzn2.3.3.i686
    libxml2-python-2.9.1-6.amzn2.3.3.i686
    libxml2-debuginfo-2.9.1-6.amzn2.3.3.i686

src:
    libxml2-2.9.1-6.amzn2.3.3.src

x86_64:
    libxml2-2.9.1-6.amzn2.3.3.x86_64
    libxml2-devel-2.9.1-6.amzn2.3.3.x86_64
    libxml2-static-2.9.1-6.amzn2.3.3.x86_64
    libxml2-python-2.9.1-6.amzn2.3.3.x86_64
    libxml2-debuginfo-2.9.1-6.amzn2.3.3.x86_64

### Additional References

Red Hat: [CVE-2016-4658](<https://access.redhat.com/security/cve/CVE-2016-4658>), [CVE-2017-16931](<https://access.redhat.com/security/cve/CVE-2017-16931>)

Mitre: [CVE-2016-4658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658>), [CVE-2017-16931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931>)


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| Amazon Linux | 2 | libxml2 | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-devel | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-static | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-python | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-debuginfo | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2 | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-devel | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-static | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-python | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-debuginfo | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2 | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2 | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-devel | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-static | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-python | 2.9.1-6.amzn2.3.3 |
| Amazon Linux | 2 | libxml2-debuginfo | 2.9.1-6.amzn2.3.3 |
