RHSA-2021:2569: Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2021:2569?
The severity of RHSA-2021:2569 is critical due to the potential exploitation of a use-after-free vulnerability in the libxml2 library.
How do I fix RHSA-2021:2569?
To fix RHSA-2021:2569, update the libxml2 package to version 2.9.7-9.el8_4.2 or later.
What vulnerabilities are addressed in RHSA-2021:2569?
RHSA-2021:2569 addresses a use-after-free vulnerability (CVE-2021-3516) and a heap-based buffer overflow in the libxml2 library.
Which versions of libxml2 are affected by RHSA-2021:2569?
Versions prior to 2.9.7-9.el8_4.2 of the libxml2 library are affected by RHSA-2021:2569.
Is there a specific update for python3-libxml2 in RHSA-2021:2569?
Yes, the python3-libxml2 package is also updated to version 2.9.7-9.el8_4.2 as part of the RHSA-2021:2569 advisory.