RHSA-2021:2569: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es):

• libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
• libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
• libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
• libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
• libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-3516: libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
• CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
• CVE-2021-3518: libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
• CVE-2021-3537: libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
• CVE-2021-3541: libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms