logo
DATABASE RESOURCES PRICING ABOUT US

libxml2 - security update

Description

* [CVE-2016-4658](https://security-tracker.debian.org/tracker/CVE-2016-4658) Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. * [CVE-2016-5131](https://security-tracker.debian.org/tracker/CVE-2016-5131) The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. For Debian 7 Wheezy, these problems have been fixed in version 2.8.0+dfsg1-7+wheezy7. We recommend that you upgrade your libxml2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
libxml2 2.8.0+dfsg1-7+nmu2
libxml2 2.8.0+dfsg1-7+wheezy6
libxml2 2.8.0+dfsg1-7+wheezy3
libxml2 2.8.0+dfsg1-7+nmu3
libxml2 2.8.0+dfsg1-7+wheezy5
libxml2 2.8.0+dfsg1-7+wheezy1
libxml2 2.8.0+dfsg1-7+wheezy4
libxml2 2.8.0+dfsg1-7+nmu1
libxml2 2.8.0+dfsg1-7+wheezy2

Related