{"id":"SUSE-SU-2021:14729-1","summary":"Security update for libxml2","details":"This update for libxml2 fixes the following issues:\n\nSecurity issues fixed:  \n\n- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)\n- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).\n- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).\n- CVE-2021-3516: Fixed a use after free in xmlEncodeEntitiesInternal() in entities.c (bsc#1185409)\n- CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).\t  \n- CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n- CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n- CVE-2019-19956: Fixed a memory leak in xmlParseBalancedChunkMemoryRecover (bsc#1159928).\n","modified":"2026-02-04T03:31:40.459528Z","published":"2021-05-19T14:41:30Z","related":["CVE-2014-0191","CVE-2019-19956","CVE-2019-20388","CVE-2020-24977","CVE-2020-7595","CVE-2021-3516","CVE-2021-3517","CVE-2021-3518","CVE-2021-3537"],"upstream":["CVE-2014-0191","CVE-2019-19956","CVE-2019-20388","CVE-2020-24977","CVE-2020-7595","CVE-2021-3516","CVE-2021-3517","CVE-2021-3518","CVE-2021-3537"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-202114729-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159928"},{"type":"REPORT","url":"https://bugzilla.suse.com/1161517"},{"type":"REPORT","url":"https://bugzilla.suse.com/1161521"},{"type":"REPORT","url":"https://bugzilla.suse.com/1176179"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185408"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185409"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185698"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-0191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-19956"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20388"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-24977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3516"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3537"}],"affected":[{"package":{"name":"libxml2","ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","purl":"pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-0.77.36.1"}]}],"ecosystem_specific":{"binaries":[{"libxml2-doc":"2.7.6-0.77.36.1","libxml2-python":"2.7.6-0.77.36.1","libxml2":"2.7.6-0.77.36.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14729-1.json"}},{"package":{"name":"libxml2-python","ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","purl":"pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-0.77.36.1"}]}],"ecosystem_specific":{"binaries":[{"libxml2-doc":"2.7.6-0.77.36.1","libxml2-python":"2.7.6-0.77.36.1","libxml2":"2.7.6-0.77.36.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14729-1.json"}},{"package":{"name":"libxml2","ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","purl":"pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-0.77.36.1"}]}],"ecosystem_specific":{"binaries":[{"libxml2-doc":"2.7.6-0.77.36.1","libxml2-python":"2.7.6-0.77.36.1","libxml2":"2.7.6-0.77.36.1","libxml2-32bit":"2.7.6-0.77.36.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14729-1.json"}},{"package":{"name":"libxml2-python","ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","purl":"pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-0.77.36.1"}]}],"ecosystem_specific":{"binaries":[{"libxml2-doc":"2.7.6-0.77.36.1","libxml2-python":"2.7.6-0.77.36.1","libxml2":"2.7.6-0.77.36.1","libxml2-32bit":"2.7.6-0.77.36.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:14729-1.json"}}],"schema_version":"1.7.3"}