-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2023:4767-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4767 Issue date: 2023-08-28 CVE Names: CVE-2016-3709 ===================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Incorrect server side include parsing can lead to XSS (CVE-2016-3709) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2112766 - CVE-2016-3709 libxml2: Incorrect server side include parsing can lead to XSS 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.6): aarch64: libxml2-debuginfo-2.9.7-13.el8_6.2.aarch64.rpm libxml2-debugsource-2.9.7-13.el8_6.2.aarch64.rpm libxml2-devel-2.9.7-13.el8_6.2.aarch64.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.aarch64.rpm ppc64le: libxml2-debuginfo-2.9.7-13.el8_6.2.ppc64le.rpm libxml2-debugsource-2.9.7-13.el8_6.2.ppc64le.rpm libxml2-devel-2.9.7-13.el8_6.2.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.ppc64le.rpm s390x: libxml2-debuginfo-2.9.7-13.el8_6.2.s390x.rpm libxml2-debugsource-2.9.7-13.el8_6.2.s390x.rpm libxml2-devel-2.9.7-13.el8_6.2.s390x.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.s390x.rpm x86_64: libxml2-debuginfo-2.9.7-13.el8_6.2.i686.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.x86_64.rpm libxml2-debugsource-2.9.7-13.el8_6.2.i686.rpm libxml2-debugsource-2.9.7-13.el8_6.2.x86_64.rpm libxml2-devel-2.9.7-13.el8_6.2.i686.rpm libxml2-devel-2.9.7-13.el8_6.2.x86_64.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.i686.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS (v.8.6): Source: libxml2-2.9.7-13.el8_6.2.src.rpm aarch64: libxml2-2.9.7-13.el8_6.2.aarch64.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.aarch64.rpm libxml2-debugsource-2.9.7-13.el8_6.2.aarch64.rpm python3-libxml2-2.9.7-13.el8_6.2.aarch64.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.aarch64.rpm ppc64le: libxml2-2.9.7-13.el8_6.2.ppc64le.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.ppc64le.rpm libxml2-debugsource-2.9.7-13.el8_6.2.ppc64le.rpm python3-libxml2-2.9.7-13.el8_6.2.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.ppc64le.rpm s390x: libxml2-2.9.7-13.el8_6.2.s390x.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.s390x.rpm libxml2-debugsource-2.9.7-13.el8_6.2.s390x.rpm python3-libxml2-2.9.7-13.el8_6.2.s390x.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.s390x.rpm x86_64: libxml2-2.9.7-13.el8_6.2.i686.rpm libxml2-2.9.7-13.el8_6.2.x86_64.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.i686.rpm libxml2-debuginfo-2.9.7-13.el8_6.2.x86_64.rpm libxml2-debugsource-2.9.7-13.el8_6.2.i686.rpm libxml2-debugsource-2.9.7-13.el8_6.2.x86_64.rpm python3-libxml2-2.9.7-13.el8_6.2.x86_64.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.i686.rpm python3-libxml2-debuginfo-2.9.7-13.el8_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk7LPSAAoJENzjgjWX9erE2FEP/ji43JgJkMmrcIftmCy3Y9f1 mLivqqw2EHCseBCnWHUvumxKs9QUJEmdtPryDh81t2gZn62avyLqIXs9u1lIUxLY jlf/Ah2S2oVgLUfnkWyY41OgkpRTo46kaWviBUrglSY13bfArLNeEfJcTALMLImx A7N1G/ipxYJUifHtjRDDtemlTBFPAqemfFy+lk1cxWd9rcjQWCJB6zAm4X/Mf4S8 93Vm+tsD7cx2lOJbNlgG54p+Z20I8vI283Sa23/NjargMXYp+8RTnmGiMageLZ6E WNT3yriBmJCIeiliZg62XjkqPjar4H8Qo7FVVf3u36t0I1nZwE08iSUd+jBdUHSn EpWL0U7W3sPoDusOhgPxVbUZ+ykLzc2mUeLNVkkTQgR3YfW1MxYohDUlHN9y0xw7 FfFszQAzS3LhTBbkE3na1KrxjtLIcf3J9cMfM2NVDLBC4jGIf3gcCccNQoEFU3EV YI3p9295AjMZa3cp9kgJofNPohdknVhpN9fENcMrMAVKOE6+R3otvBVC4gST+RuH 1dzBiHtvlTiYu6qUyTFgEJ+RbUBkWrPrMTEHHb0cyCFD4txN8UYZVFW6RNKwyaw1 DsuJNREu23DpfFAG/rGuTOAMdXYgQThMmbgrEm9HyY00v1JnuHrlVD3He5/DJ4jW hlWpQeuNx6cqLM0cn+Cz =dM4K -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce