CLSA-2021-1640700710

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2021-1640700710
Upstream
Published
2021-12-28T14:11:50Z
Modified
2026-06-04T10:03:40.104218840Z
Summary
Fix CVE(s): CVE-2021-3517, CVE-2021-3516, CVE-2020-24977, CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2019-20388, CVE-2017-8872
Details
  • SECURITY UPDATE: Out-of-bounds array access
    • debian/patches/CVE-2021-3517.patch: Validate UTF8 in xmlEncodeEntities
    • CVE-2021-3517
  • SECURITY UPDATE: Use-after-free error
    • debian/patches/CVE-2021-3518.patch: Fix use-after-free with 'xmllint --xinclude --dropdtd'
    • CVE-2021-3518
  • SECURITY UPDATE: Null pointer dereference while parsing in recovery mode
    • debian/patches/CVE-2021-3537.patch: Propagate error in xmlParseElementChildrenContentDeclPriv
    • CVE-2021-3537
  • SECURITY UPDATE: Parser fix for the billion laughs attack
    • debian/patches/CVE-2021-3541.patch: Fix parameter entities expansion in xmlParserEntityCheck
    • CVE-2021-3541
  • SECURITY UPDATE: Miscalculation of available bytes when parsing
    • debian/patches/CVE-2017-8872.patch: Free input buffer in xmlHaltParser
    • CVE-2017-8872
  • SECURITY UPDATE: Memory leak
    • debian/patches/CVE-2019-20388.patch: Fix memory leak in xmlSchemaValidateStream
    • CVE-2019-20388
  • SECURITY UPDATE: Out-of-bounds array access
    • debian/patches/CVE-2020-24977.patch: Fix out-of-bounds read with 'xmllint --htmlout'
    • CVE-2020-24977
  • SECURITY UPDATE: Use-after-free error
    • debian/patches/CVE-2021-3516.patch: Fix use-after-free with 'xmllint --html --push'
    • CVE-2021-3516
References

Affected packages

TuxCare:Ubuntu:16.04 / libxml2

Package

Name
libxml2
Purl
pkg:deb/tuxcare/libxml2?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json"

TuxCare:Ubuntu:16.04 / libxml2-dev

Package

Name
libxml2-dev
Purl
pkg:deb/tuxcare/libxml2-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json"

TuxCare:Ubuntu:16.04 / libxml2-doc

Package

Name
libxml2-doc
Purl
pkg:deb/tuxcare/libxml2-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json"

TuxCare:Ubuntu:16.04 / libxml2-utils

Package

Name
libxml2-utils
Purl
pkg:deb/tuxcare/libxml2-utils?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json"

TuxCare:Ubuntu:16.04 / python-libxml2

Package

Name
python-libxml2
Purl
pkg:deb/tuxcare/python-libxml2?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.3+dfsg1-1ubuntu0.7+tuxcare.els1

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2021-1640700710.json"