CLD-223 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-15412 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libxml2
Deficiency Type SECURITY
Date Created 2018-01-13 11:29:40
Date Last Modified 2018-01-13 18:30:50

Version Specific Information:

Cucumber 1.0 i686 fixed in libxml2-2.9.7-i686-1
Cucumber 1.0 x86_64 fixed in libxml2-2.9.7-x86_64-1 and libxml2-lib_i686-2.9.7-lib_i686-1

Cucumber 1.1 i686 fixed in libxml2-2.9.7-i686-1
Cucumber 1.1 x86_64 fixed in libxml2-2.9.7-x86_64-1 and libxml2-lib_i686-2.9.7-lib_i686-1


================================= Our Analysis =================================

----- Affected Products -----
Versions of libxml2 without the patch applied are vulnerable (the patch was
applied in the release of libxml2 2.9.6). This includes libxml2 as originally
packaged in Cucumber Linux 1.0 and 1.1.

----- Scope and Impact of this Vulnerability -----
Use-after-free resulting in possible memory corruption.

----- Fix for this Vulnerability -----
Fixed by commit

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt.