Subject: [ASA-201611-2] libxml2: arbitrary code execution

Arch Linux Security Advisory ASA-201611-2
=========================================

Severity: Critical
Date    : 2016-11-01
CVE-ID  : CVE-2016-4658 CVE-2016-5131
Package : libxml2
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-56

Summary
=======

The package libxml2 before version 2.9.4+12+ge905f08-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 2.9.4+12+ge905f08-1.

# pacman -Syu "libxml2>=2.9.4+12+ge905f08-1"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2016-4658 (arbitrary code execution)

A use-after-free vulnerability via namespace nodes in XPointer ranges
was found in libxml2.

- CVE-2016-5131 (arbitrary code execution)

Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a
use-after-free and allow control of the instruction pointer.

Impact
======

A remote attacker is able to use a specially crafted XPath payload to
execute arbitrary code.

References
==========

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
https://bugzilla.redhat.com/show_bug.cgi?id=1384424
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
https://bugs.chromium.org/p/chromium/issues/detail?id=623378
https://security.archlinux.org/CVE-2016-4658
https://security.archlinux.org/CVE-2016-5131