MGASA-2018-0048

Use-after-free error could lead to crash (CVE-2016-4658).

Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function (CVE-2016-5131).

libxml2 2.9.4 and earlier does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (CVE-2016-9318).

Heap buffer overflow in xmlAddID (CVE-2017-0663).

Integer overflow in memory debug code in libxml2 before 2.9.5 (CVE-2017-5130).

NULL pointer deref in xmlDumpElementContent (CVE-2017-5969).

Prevent unwanted external entity reference (CVE-2017-7375).

Increase buffer space for port in HTTP redirect support (CVE-2017-7376).

The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (CVE-2017-9047, CVE-2017-9048).

The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read (CVE-2017-9049).

The function xmlDictAddString was vulnerable to a heap-based buffer over-read (CVE-2017-9050).

It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service (CVE-2017-15412).

Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service (CVE-2017-16932).

The libxml2 package has been updated to version 2.9.7 to fix these issues and several other bugs.