UBUNTU-CVE-2017-0663

Source
https://ubuntu.com/security/CVE-2017-0663
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-0663.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-0663
Related
Published
2017-06-14T00:00:00Z
Modified
2017-06-14T00:00:00Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

References

Affected packages

Ubuntu:14.04:LTS / libxml2

Package

Name
libxml2
Purl
pkg:deb/ubuntu/libxml2?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.1+dfsg1-3ubuntu4.10

Affected versions

2.*

2.9.1+dfsg1-3ubuntu2
2.9.1+dfsg1-3ubuntu3
2.9.1+dfsg1-3ubuntu4
2.9.1+dfsg1-3ubuntu4.1
2.9.1+dfsg1-3ubuntu4.2
2.9.1+dfsg1-3ubuntu4.3
2.9.1+dfsg1-3ubuntu4.4
2.9.1+dfsg1-3ubuntu4.5
2.9.1+dfsg1-3ubuntu4.6
2.9.1+dfsg1-3ubuntu4.7
2.9.1+dfsg1-3ubuntu4.8
2.9.1+dfsg1-3ubuntu4.9

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-dbg"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-dbgsym"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-dev"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-dev-dbgsym"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-doc"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-udeb"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-udeb-dbgsym"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-utils"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-utils-dbg"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "libxml2-utils-dbgsym"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "python-libxml2"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "python-libxml2-dbg"
        },
        {
            "binary_version": "2.9.1+dfsg1-3ubuntu4.10",
            "binary_name": "python-libxml2-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / libxml2

Package

Name
libxml2
Purl
pkg:deb/ubuntu/libxml2?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.3+dfsg1-1ubuntu0.3

Affected versions

2.*

2.9.2+zdfsg1-4
2.9.2+zdfsg1-4ubuntu1
2.9.2+zdfsg1-4ubuntu2
2.9.2+zdfsg1-4ubuntu3
2.9.3+dfsg1-1
2.9.3+dfsg1-1ubuntu0.1
2.9.3+dfsg1-1ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-dbg"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-dbgsym"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-dev"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-dev-dbgsym"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-doc"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-udeb"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-udeb-dbgsym"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-utils"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-utils-dbg"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "libxml2-utils-dbgsym"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "python-libxml2"
        },
        {
            "binary_version": "2.9.3+dfsg1-1ubuntu0.3",
            "binary_name": "python-libxml2-dbg"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / android

Package

Name
android
Purl
pkg:deb/ubuntu/android?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

Other

20150818-1500-0ubuntu2
20150818-1500-0ubuntu3
20160307-0742-0ubuntu3
20160330-0939-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}