ASA-201801-15 generated external raw

[ASA-201801-15] perl-xml-libxml: arbitrary code execution
Arch Linux Security Advisory ASA-201801-15 ========================================== Severity: High Date : 2018-01-18 CVE-ID : CVE-2017-10672 Package : perl-xml-libxml Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-501 Summary ======= The package perl-xml-libxml before version 2.0130-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.0130-1. # pacman -Syu "perl-xml-libxml>=2.0130-1" The problem has been fixed upstream in version 2.0130. Workaround ========== None. Description =========== A use-after-free vulnerability has been discovered in the perl XML- LibXML module before 2.0130 which allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. Impact ====== A remote attacker is able to execute arbitrary code on the affected host by controlling the arguments to a replaceChild call. References ========== https://bugs.archlinux.org/task/56377 https://rt.cpan.org/Public/Bug/Display.html?id=122246 https://security.archlinux.org/CVE-2017-10672