CLD-223 Details
Other IDs this deficiency may be known by:
Basic Information:
Affected Package(s) | libxml2 |
Deficiency Type | SECURITY |
Date Created | 2018-01-13 11:29:40 |
Date Last Modified | 2018-01-13 18:30:50 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in libxml2-2.9.7-i686-1 |
Cucumber 1.0 x86_64 | fixed in libxml2-2.9.7-x86_64-1 and libxml2-lib_i686-2.9.7-lib_i686-1 |
Cucumber 1.1 i686 | fixed in libxml2-2.9.7-i686-1 |
Cucumber 1.1 x86_64 | fixed in libxml2-2.9.7-x86_64-1 and libxml2-lib_i686-2.9.7-lib_i686-1 |
Details:
================================= Our Analysis =================================
----- Affected Products -----
Versions of libxml2 without the patch
https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
applied are vulnerable (the patch was included in the libxml2 2.9.6 release).
This includes libxml2 as originally packaged in Cucumber Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
Use after free resulting in possible memory corruption.
----- Fix for this Vulnerability -----
Fixed by commit
https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt.