FEDORA-2017-a3a47973eb

security update in Fedora 25 for libxml2

Status: stable 2 years ago

Update to latest upstream release, includes several security related fixes.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-a3a47973eb

Comments 10

This update has been submitted for testing by rdieter.

This update has been pushed to testing.

No regressions noticed on x86_64.

karma: +1 critpath: +1

works for me

karma: +1

No regressions noted.

karma: +1 critpath: +1

works for me

karma: +1

not explicitly tested but does not seem to cause issues on atomic host running openshift

no regressions noted

karma: +1

This update has been submitted for stable by rdieter.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +5 (stable threshold: 2, unstable threshold: -4)
Autopush: Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 21

#1338682 CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
#1338686 CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
#1338691 CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
#1338696 CVE-2016-1837 libxml2: Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral
#1338700 CVE-2016-4448 libxml2: Format string vulnerability
#1338701 CVE-2016-4449 libxml2: Inappropriate fetch of entities content
#1338702 CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
#1338703 CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
#1338705 CVE-2016-1838 libxml2: Heap-based buffer overread in xmlParserPrintFileContextInternal
#1338706 CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
#1338708 CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
#1338711 CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
#1349794 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-all]
#1358641 CVE-2016-5131 chromium-browser: use-after-free in libxml
#1361439 CVE-2016-5131 libxml2: chromium-browser: use-after-free in libxml [fedora-all]
#1384424 CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
#1384427 CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges [fedora-all]
#1395609 CVE-2016-9318 libxml2: XML External Entity vulnerability
#1395610 CVE-2016-9318 libxml2: XML External Entity vulnerability [fedora-all]
#1398939 libxml2 v2.9.3-4 causes TypeError with python3-feedparser
#1421998 CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
