Univention Bugzilla – Bug 53472
libxml2: Multiple issues (5.0)
Last modified: 2021-06-30 18:54:26 CEST
New Debian libxml2 2.9.4+dfsg1-7+deb10u2 fixes: This update addresses the following issues: * Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c (CVE-2020-24977) * use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516) * heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517) * use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518) * NULL pointer dereference when post-validating mix content parsed in recovery mode (CVE-2021-3537) * Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
--- mirror/ftp/pool/main/libx/libxml2/libxml2_2.9.4+dfsg1-7+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/libxml2_2.9.4+dfsg1-7+deb10u2.dsc @@ -1,3 +1,17 @@ +2.9.4+dfsg1-7+deb10u2 [Fri, 11 Jun 2021 18:57:11 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload. + * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) + (Closes: #969529) + * Fix use-after-free with `xmllint --html --push` (CVE-2021-3516) + (Closes: #987739) + * Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738) + * Fix user-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518) + (Closes: #987737) + * Propagate error in xmlParseElementChildrenContentDeclPriv (CVE-2021-3537) + (Closes: #988123) + * Patch for security issue CVE-2021-3541 (Closes: #988603) + 2.9.4+dfsg1-7+deb10u1 [Fri, 06 Nov 2020 18:35:40 +0100] Moritz Mühlenhoff <moritz@debian.org>: * CVE-2017-18258 (Closes: #895245) <http://piuparts.knut.univention.de/5.0-0/#2630192578440194474>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] d6df054d9c Bug #53472: libxml2 2.9.4+dfsg1-7+deb10u2 doc/errata/staging/libxml2.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [5.0-0] 24e02cd931 Bug #53472: libxml2 2.9.4+dfsg1-7+deb10u2 doc/errata/staging/libxml2.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x37>