Red Hat Product Errata RHSA-2020:3996 - Security Advisory

Issued:: 2020-09-29
Updated:: 2020-09-29

RHSA-2020:3996 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: libxml2 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libxml2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

BZ - 1788856 - CVE-2019-19956 libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c
BZ - 1799734 - CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
BZ - 1799786 - CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
BZ - 1812145 - XSD validation fails on xsd:any

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm	SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm	SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm	SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux Workstation 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm	SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm	SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm	SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux Desktop 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm	SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm	SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm	SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
s390x
libxml2-2.9.1-6.el7.5.s390.rpm	SHA-256: 9a1c862efb97120423961f303c37754663834776583a702b0aefe1be84b2341d
libxml2-2.9.1-6.el7.5.s390x.rpm	SHA-256: 49a6d905e94171e9bbbaedd39d1f8728d70fc2ec5639e57b136201ac0566bfec
libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm	SHA-256: 683c88e30c43b905d8de094295312f779f8d6434eee71ae30028de0fbc2a4045
libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm	SHA-256: 683c88e30c43b905d8de094295312f779f8d6434eee71ae30028de0fbc2a4045
libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm	SHA-256: d207046539a089b8ec66e5e6c6dfaf8f3e85ad67176a9109dc5d46af1b774799
libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm	SHA-256: d207046539a089b8ec66e5e6c6dfaf8f3e85ad67176a9109dc5d46af1b774799
libxml2-devel-2.9.1-6.el7.5.s390.rpm	SHA-256: e6858097ba1a1cbd99fc97ec09071004aa1199a4293f504dc6822c95ca57614a
libxml2-devel-2.9.1-6.el7.5.s390x.rpm	SHA-256: 6b808ed5f11982490e63f6c41fb03ecff32379ba559e818169d74abb3093ba66
libxml2-python-2.9.1-6.el7.5.s390x.rpm	SHA-256: 3ef6dab410d66c472615639ccdd318d9a347119e67b6e28eeb1d127741aedb95
libxml2-static-2.9.1-6.el7.5.s390.rpm	SHA-256: 57edcffd8e214c2900c9599aec41bf664818573bb8f184e709d557dd85e0265d
libxml2-static-2.9.1-6.el7.5.s390x.rpm	SHA-256: db9c6062ba7bb2651297731446a7c6d8c244a922b28ec58eb73050142dab8ee2

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
ppc64
libxml2-2.9.1-6.el7.5.ppc.rpm	SHA-256: fce481d24cde0cf870fbf1b9d4234776907595ecc458b6dbc8990dba7f693560
libxml2-2.9.1-6.el7.5.ppc64.rpm	SHA-256: c8c0b0611343783d325659a79f5b54f2b8ec3cb19486bf8cc0c1501194e04651
libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm	SHA-256: 46daa5e48f0000b33e0574e2fa6ddb446f83bdbb5024e4ed2d65f931a18db875
libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm	SHA-256: 46daa5e48f0000b33e0574e2fa6ddb446f83bdbb5024e4ed2d65f931a18db875
libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm	SHA-256: e6fcf10ea745f1b2e59f75585b3a5d9b5a5bf3c1a4115b7b389992edd4b5fea1
libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm	SHA-256: e6fcf10ea745f1b2e59f75585b3a5d9b5a5bf3c1a4115b7b389992edd4b5fea1
libxml2-devel-2.9.1-6.el7.5.ppc.rpm	SHA-256: d6876b41e17b40da5ff33aeeeef6479fd738dbfb0a307df8221a5544a61a757d
libxml2-devel-2.9.1-6.el7.5.ppc64.rpm	SHA-256: 77096f952d01a3c3a40c8310d75c1c75320ce3a66bf12821dcf9089196a0a045
libxml2-python-2.9.1-6.el7.5.ppc64.rpm	SHA-256: 8ba36cc72eeb0bc5e070f51747ee6fe92c2fed9f1cb09a2190813260228d811a
libxml2-static-2.9.1-6.el7.5.ppc.rpm	SHA-256: 09bc08d0363c65f28b5f64ea1c0418fe86b8f0ebb7cd56a28605ec14d99bc7f4
libxml2-static-2.9.1-6.el7.5.ppc64.rpm	SHA-256: 07dd72b5e2ce3e1f6e75dcff0add3541d403a685c3348ec0dc621b4def679065

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm	SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm	SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm	SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm	SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm	SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm	SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm	SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
ppc64le
libxml2-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: a3f2e6fe26ee638d51cef036d5c21f3c7475fc1d0c075e9b0b19527e2de815f1
libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: 94d45223a6744e10f03120961cc531bd4b317b98b1ef76f6038da25ac35bf41b
libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: 94d45223a6744e10f03120961cc531bd4b317b98b1ef76f6038da25ac35bf41b
libxml2-devel-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: 0b28211e12406289e28b9b6a4e67d8397f7375ee4ef1eb5684b1e9efcfd4ad43
libxml2-python-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: cace7cb0c176f7d682dd29e06e71ccabcf5f81ddd79c3ac1dd55947dbdf8c13f
libxml2-static-2.9.1-6.el7.5.ppc64le.rpm	SHA-256: 2bba051b8e79e186c646c18568c7d49452550bcaad333e2a8bb0d9bd98679921

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories