RHSA-2020:3996

Affecting libxml2 package, versions <0:2.9.1-6.el7.5

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to RHSA-2020:3996. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Remediation

Upgrade libxml2 to version or higher.

References

CVE
RHSA-2020:3996
Snyk ID
SNYK-CENTOS7-LIBXML2-1014717
Published
01 Oct, 2020