Vulnerability CVE-2021-3537: Information
Description
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gem-nokogiri | sisyphus | 1.12.4-alt1 | 1.16.4-alt1 | ALT-PU-2021-2997-1 | 252865 | Fixed |
gem-nokogiri | sisyphus_e2k | 1.16.2-alt1 | 1.16.4-alt1 | ALT-PU-2024-6690-1 | - | Fixed |
gem-nokogiri | p10 | 1.13.8-alt1.1 | 1.13.8-alt1.1 | ALT-PU-2023-4266-4 | 307833 | Fixed |
gem-nokogiri | p10_e2k | 1.13.8-alt1.1 | 1.13.8-alt1.1 | ALT-PU-2024-7099-1 | - | Fixed |
gem-nokogiri | c10f1 | 1.13.8-alt1.1 | 1.11.1-alt1 | ALT-PU-2024-7812-2 | 334397 | Testing |
gem-nokogiri | p11 | 1.12.4-alt1 | 1.16.4-alt1 | ALT-PU-2021-2997-1 | 252865 | Fixed |
libxml2 | sisyphus | 2.9.12-alt1 | 2.12.7-alt1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | p10 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c10f1 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c9f2 | 2.9.12-alt1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2021-3332-1 | 287715 | Fixed |
libxml2 | p11 | 2.9.12-alt1 | 2.12.7-alt1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1956522 |
|
[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update |
|
https://security.netapp.com/advisory/ntap-20210625-0002/ |
|
GLSA-202107-05 |
|
https://www.oracle.com/security-alerts/cpuoct2021.html |
|
https://www.oracle.com/security-alerts/cpuapr2022.html |
|
N/A |
|
FEDORA-2021-e3ed1ba38b | |
FEDORA-2021-b950000d2b |