CLSA-2022-1641903536
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2022-1641903536.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2022-1641903536
- Upstream
- Published
- 2022-01-11T12:18:56Z
- Modified
- 2026-06-01T00:33:15.383009935Z
- Summary
- Fix of 8 CVEs
- Details
-
- CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities
- CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd'
- CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv
- CVE-2021-3541.patch: parser fix for the billion laughs attack
- CVE-2021-3516.patch: fix use-after-free with 'xmllint --html --push'
- CVE-2017-8872.patch: free input buffer in xmlHaltParser
- CVE-2019-20388.patch: fix memory leak in xmlSchemaValidateStream
- CVE-2020-24977.patch: fix out-of-bounds read with 'xmllint --htmlout'
- References
Affected packages
TuxCare:CentOS:6 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:rpm/tuxcare/libxml2?distro=centos-6
TuxCare:CentOS:6 / libxml2-devel
Package
- Name
- libxml2-devel
- Purl
- pkg:rpm/tuxcare/libxml2-devel?distro=centos-6
TuxCare:CentOS:6 / libxml2-python
Package
- Name
- libxml2-python
- Purl
- pkg:rpm/tuxcare/libxml2-python?distro=centos-6