{"id":"MGASA-2018-0050","summary":"Updated libxml2 packages fix security vulnerability","details":"Integer overflow in memory debug code in libxml2 before 2.9.5\n(CVE-2017-5130).\n\nIt was discovered that libxml2 incorrectly handled certain files. An\nattacker could use this issue with specially constructed XML data to cause\nlibxml2 to consume resources, leading to a denial of service\n(CVE-2017-15412).\n\nWei Lei discovered that libxml2 incorrectly handled certain parameter\nentities. An attacker could use this issue with specially constructed XML\ndata to cause libxml2 to consume resources, leading to a denial of service\n(CVE-2017-16932).\n\nThe libxml2 package has been updated to version 2.9.7 to fix these issues\nand several other bugs.\n\nAlso, the perl-XML-LibXML package has been updated to version 2.13.200 to\nallow it to be rebuilt against the updated libxml2.\n","modified":"2026-04-16T01:47:54.887961860Z","published":"2018-01-03T15:50:51Z","upstream":["CVE-2017-15412","CVE-2017-16932","CVE-2017-5130"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0050.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22130"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3513-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/usn/usn-3504-1/"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.7-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0050.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}