Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2020:3996 - Security Advisory
Issued:
2020-09-29
Updated:
2020-09-29

RHSA-2020:3996 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: libxml2 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libxml2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

  • libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)
  • libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)
  • libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The desktop must be restarted (log out, then log back in) for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1788856 - CVE-2019-19956 libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c
  • BZ - 1799734 - CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
  • BZ - 1799786 - CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
  • BZ - 1812145 - XSD validation fails on xsd:any

CVEs

  • CVE-2019-19956
  • CVE-2019-20388
  • CVE-2020-7595

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux Workstation 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux Desktop 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
s390x
libxml2-2.9.1-6.el7.5.s390.rpm SHA-256: 9a1c862efb97120423961f303c37754663834776583a702b0aefe1be84b2341d
libxml2-2.9.1-6.el7.5.s390x.rpm SHA-256: 49a6d905e94171e9bbbaedd39d1f8728d70fc2ec5639e57b136201ac0566bfec
libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm SHA-256: 683c88e30c43b905d8de094295312f779f8d6434eee71ae30028de0fbc2a4045
libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm SHA-256: 683c88e30c43b905d8de094295312f779f8d6434eee71ae30028de0fbc2a4045
libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm SHA-256: d207046539a089b8ec66e5e6c6dfaf8f3e85ad67176a9109dc5d46af1b774799
libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm SHA-256: d207046539a089b8ec66e5e6c6dfaf8f3e85ad67176a9109dc5d46af1b774799
libxml2-devel-2.9.1-6.el7.5.s390.rpm SHA-256: e6858097ba1a1cbd99fc97ec09071004aa1199a4293f504dc6822c95ca57614a
libxml2-devel-2.9.1-6.el7.5.s390x.rpm SHA-256: 6b808ed5f11982490e63f6c41fb03ecff32379ba559e818169d74abb3093ba66
libxml2-python-2.9.1-6.el7.5.s390x.rpm SHA-256: 3ef6dab410d66c472615639ccdd318d9a347119e67b6e28eeb1d127741aedb95
libxml2-static-2.9.1-6.el7.5.s390.rpm SHA-256: 57edcffd8e214c2900c9599aec41bf664818573bb8f184e709d557dd85e0265d
libxml2-static-2.9.1-6.el7.5.s390x.rpm SHA-256: db9c6062ba7bb2651297731446a7c6d8c244a922b28ec58eb73050142dab8ee2

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
ppc64
libxml2-2.9.1-6.el7.5.ppc.rpm SHA-256: fce481d24cde0cf870fbf1b9d4234776907595ecc458b6dbc8990dba7f693560
libxml2-2.9.1-6.el7.5.ppc64.rpm SHA-256: c8c0b0611343783d325659a79f5b54f2b8ec3cb19486bf8cc0c1501194e04651
libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm SHA-256: 46daa5e48f0000b33e0574e2fa6ddb446f83bdbb5024e4ed2d65f931a18db875
libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm SHA-256: 46daa5e48f0000b33e0574e2fa6ddb446f83bdbb5024e4ed2d65f931a18db875
libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm SHA-256: e6fcf10ea745f1b2e59f75585b3a5d9b5a5bf3c1a4115b7b389992edd4b5fea1
libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm SHA-256: e6fcf10ea745f1b2e59f75585b3a5d9b5a5bf3c1a4115b7b389992edd4b5fea1
libxml2-devel-2.9.1-6.el7.5.ppc.rpm SHA-256: d6876b41e17b40da5ff33aeeeef6479fd738dbfb0a307df8221a5544a61a757d
libxml2-devel-2.9.1-6.el7.5.ppc64.rpm SHA-256: 77096f952d01a3c3a40c8310d75c1c75320ce3a66bf12821dcf9089196a0a045
libxml2-python-2.9.1-6.el7.5.ppc64.rpm SHA-256: 8ba36cc72eeb0bc5e070f51747ee6fe92c2fed9f1cb09a2190813260228d811a
libxml2-static-2.9.1-6.el7.5.ppc.rpm SHA-256: 09bc08d0363c65f28b5f64ea1c0418fe86b8f0ebb7cd56a28605ec14d99bc7f4
libxml2-static-2.9.1-6.el7.5.ppc64.rpm SHA-256: 07dd72b5e2ce3e1f6e75dcff0add3541d403a685c3348ec0dc621b4def679065

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
x86_64
libxml2-2.9.1-6.el7.5.i686.rpm SHA-256: 06382f0dafa865334860fad8bc2f544683468c9c62484a3333388036fc7d78eb
libxml2-2.9.1-6.el7.5.x86_64.rpm SHA-256: dac2ae10dbb0a09a7e6bd341044dfab1e63d8773c9b7582cbf2d40937180f7b0
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm SHA-256: a84e77400cb3973858ea44254e509e2e5abb79eb7ab7872ae3f412b8e775e2ef
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm SHA-256: 76292a1d41ebfcd81300a138b5e9fb08bb7bf03e7083e52bb08fe4668912d7dc
libxml2-devel-2.9.1-6.el7.5.i686.rpm SHA-256: 4bd96e7c85bfd0de508fef40334d15c826b153d1e349e9fb4af4112996b70fa0
libxml2-devel-2.9.1-6.el7.5.x86_64.rpm SHA-256: dca8c6be09b651518f34a5b47364a112d8b3fac137ab22c99256f4f0b26a868b
libxml2-python-2.9.1-6.el7.5.x86_64.rpm SHA-256: 80106cfbeb0b71d337022a01df8acc9dc4fc3205124be3db511ccf2d0b10c7c2
libxml2-static-2.9.1-6.el7.5.i686.rpm SHA-256: 537b642dca536ce675c5e2dc1c80505c0f967da2bfe08cdf2ee4ecdb29e15d42
libxml2-static-2.9.1-6.el7.5.x86_64.rpm SHA-256: 0ef6f45f812e9c351fc0970a862e18083850f71b3ff0809c6f6993324b14fbb6

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libxml2-2.9.1-6.el7.5.src.rpm SHA-256: 7dfa888e58802d47bfc60cd837848ff5df16dd9aa19b91b6c4736ab303579493
ppc64le
libxml2-2.9.1-6.el7.5.ppc64le.rpm SHA-256: a3f2e6fe26ee638d51cef036d5c21f3c7475fc1d0c075e9b0b19527e2de815f1
libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm SHA-256: 94d45223a6744e10f03120961cc531bd4b317b98b1ef76f6038da25ac35bf41b
libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm SHA-256: 94d45223a6744e10f03120961cc531bd4b317b98b1ef76f6038da25ac35bf41b
libxml2-devel-2.9.1-6.el7.5.ppc64le.rpm SHA-256: 0b28211e12406289e28b9b6a4e67d8397f7375ee4ef1eb5684b1e9efcfd4ad43
libxml2-python-2.9.1-6.el7.5.ppc64le.rpm SHA-256: cace7cb0c176f7d682dd29e06e71ccabcf5f81ddd79c3ac1dd55947dbdf8c13f
libxml2-static-2.9.1-6.el7.5.ppc64le.rpm SHA-256: 2bba051b8e79e186c646c18568c7d49452550bcaad333e2a8bb0d9bd98679921

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter