FEDORA-2017-a3a47973eb

security update in Fedora 25 for libxml2

Status: stable 2 years ago

Update to latest upstream release, includes several security related fixes.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-a3a47973eb

Comments 10

This update has been submitted for testing by rdieter.

This update has been pushed to testing.

No regressions noticed on x86_64.

karma: +1 critpath: +1

works for me

karma: +1

No regressions noted.

karma: +1 critpath: +1

works for me

karma: +1

not explicitly tested but does not seem to cause issues on atomic host running openshift

no regressions noted

karma: +1

This update has been submitted for stable by rdieter.

This update has been pushed to stable.

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: medium
Karma: +5
stable threshold: 2
unstable threshold: -4
Autopush: Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago

Related Bugs 21

#1338682 CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
#1338686 CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
#1338691 CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
#1338696 CVE-2016-1837 libxml2: Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral
#1338700 CVE-2016-4448 libxml2: Format string vulnerability
#1338701 CVE-2016-4449 libxml2: Inappropriate fetch of entities content
#1338702 CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
#1338703 CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
#1338705 CVE-2016-1838 libxml2: Heap-based buffer overread in xmlParserPrintFileContextInternal
#1338706 CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
#1338708 CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
#1338711 CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
#1349794 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-all]
#1358641 CVE-2016-5131 chromium-browser: use-after-free in libxml
#1361439 CVE-2016-5131 libxml2: chromium-browser: use-after-free in libxml [fedora-all]
#1384424 CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
#1384427 CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges [fedora-all]
#1395609 CVE-2016-9318 libxml2: XML External Entity vulnerability
#1395610 CVE-2016-9318 libxml2: XML External Entity vulnerability [fedora-all]
#1398939 libxml2 v2.9.3-4 causes TypeError with python3-feedparser
#1421998 CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
