Vulnerability CVE-2021-3541: Information
Description
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
gem-nokogiri | sisyphus | 1.12.4-alt1 | 1.16.4-alt1 | ALT-PU-2021-2997-1 | 252865 | Fixed |
gem-nokogiri | sisyphus_e2k | 1.16.2-alt1 | 1.16.4-alt1 | ALT-PU-2024-6690-1 | - | Fixed |
gem-nokogiri | p10 | 1.13.8-alt1.1 | 1.13.8-alt1.1 | ALT-PU-2023-4266-4 | 307833 | Fixed |
gem-nokogiri | p10_e2k | 1.13.8-alt1.1 | 1.13.8-alt1.1 | ALT-PU-2024-7099-1 | - | Fixed |
gem-nokogiri | c10f1 | 1.13.8-alt1.1 | 1.11.1-alt1 | ALT-PU-2024-7812-2 | 334397 | Testing |
gem-nokogiri | p11 | 1.12.4-alt1 | 1.16.4-alt1 | ALT-PU-2021-2997-1 | 252865 | Fixed |
libxml2 | sisyphus | 2.9.12-alt1 | 2.12.7-alt1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | p10 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c10f1 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c9f2 | 2.9.12-alt1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2021-3332-1 | 287715 | Fixed |
libxml2 | p11 | 2.9.12-alt1 | 2.12.7-alt1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1950515 |
|
https://security.netapp.com/advisory/ntap-20210805-0007/ |
|
https://www.oracle.com/security-alerts/cpujan2022.html |
|