Vulnerability CVE-2021-3516: Information
Description
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libxml2 | sisyphus | 2.9.12-alt1 | 2.12.5-alt1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | p10 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c10f1 | 2.9.12-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2021-2057-1 | 275606 | Fixed |
libxml2 | c9f2 | 2.9.12-alt1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2021-3332-1 | 287715 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1954225 |
|
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 |
|
https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 |
|
[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update |
|
GLSA-202107-05 |
|
https://security.netapp.com/advisory/ntap-20210716-0005/ |
|
https://www.oracle.com/security-alerts/cpujan2022.html |
|
FEDORA-2021-e3ed1ba38b | |
FEDORA-2021-b950000d2b |