CVE-2016-4658 on libxml2

Support for security such as Firewalls and securing linux
Post Reply
cowboyzeroone
Posts: 2
Joined: 2021/10/21 15:37:01

CVE-2016-4658 on libxml2

Post by cowboyzeroone » 2021/10/21 15:43:09

[ ] libxml2-2.9.1-6.el7.5.i686.rpm 2021-10-15 14:01 654K
[ ] libxml2-2.9.1-6.el7.5.x86_64.rpm 2021-10-15 14:00 668K

Looks like it was updated on 10-15-2021, but the changelog for package has not been updated. I am assuming the new package was to address CVE-2016-4658, as RH updated and addressed the issue with this a couple days prior.

Anyone confirm it was addressed, and that the changelog on the package has not been updated?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2016-4658 on libxml2

Post by TrevorH » 2021/10/21 16:04:33

No, this looks like a missing update. The RHEL 7 copy is libxml2-2.9.1-6.el7_9.6.x86_64 and the changelog there says "Fix CVE-2016-4658 (#1966916)".

I have informed the person who builds all this lot but perhaps a bug report on bugs.centos.org would be a good thing.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

cowboyzeroone
Posts: 2
Joined: 2021/10/21 15:37:01

Re: CVE-2016-4658 on libxml2

Post by cowboyzeroone » 2021/10/21 16:16:43


Post Reply