libxml2 security update

🗓️ 08 Apr 2020 18:42:56Reported by CentOS ProjectType

centos

centos🔗 lists.centos.org👁 211 Views

libxml2 security update addressing multiple use after free and DoS vulnerabilitie

Reporter	Title	Published	Views	Family All 582
IBM Security Bulletins	Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libxml2 (CVE-2017-5130 CVE-2017-15412 CVE-2016-5131)	7 Dec 202322:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities	27 Jul 202009:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131	7 Nov 202216:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities	9 Apr 202103:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local	18 Dec 201918:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities.	20 Dec 201908:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in libxml2 (CVE-2018-14404)	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in glib2, libxml2 and ntp	7 Dec 202322:45	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
CentOS	7	i686	libxml2	2.9.1-6.el7.4	libxml2-2.9.1-6.el7.4.i686.rpm
CentOS	7	x86_64	libxml2	2.9.1-6.el7.4	libxml2-2.9.1-6.el7.4.x86_64.rpm
CentOS	7	i686	libxml2-devel	2.9.1-6.el7.4	libxml2-devel-2.9.1-6.el7.4.i686.rpm
CentOS	7	x86_64	libxml2-devel	2.9.1-6.el7.4	libxml2-devel-2.9.1-6.el7.4.x86_64.rpm
CentOS	7	x86_64	libxml2-python	2.9.1-6.el7.4	libxml2-python-2.9.1-6.el7.4.x86_64.rpm
CentOS	7	i686	libxml2-static	2.9.1-6.el7.4	libxml2-static-2.9.1-6.el7.4.i686.rpm
CentOS	7	x86_64	libxml2-static	2.9.1-6.el7.4	libxml2-static-2.9.1-6.el7.4.x86_64.rpm

Source	Link
twitter	www.twitter.com/centos
steadfast	www.steadfast.net/
access	www.access.redhat.com/errata/RHSA-2020:1190
linkedin	www.linkedin.com/groups/22405
youtube	www.youtube.com/TheCentOSProject
facebook	www.facebook.com/groups/centosproject/
reddit	www.reddit.com/r/CentOS/

08 Apr 2020 18:42Current

6.7Medium risk

Vulners AI Score6.7

CVSS 26.8

CVSS 38.8

CVSS 3.18.8

EPSS0.20012

SSVC

libxml2 security update use after free dos xml standards cve-2016-5131 cve-2017-15412 cve-2015-8035 cve-2018-14404 cve-2017-18258 cve-2018-14567 red hat enterprise linux 7.8 release notes