A vulnerability was found in a way libxml2 parses certain files. With the libxml2 in recovery mode, a maliciously crafted filed could cause libxml2 to crash. References: http://seclists.org/oss-sec/2016/q1/682 CVE assignment: http://seclists.org/oss-sec/2016/q1/683
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1319830]
Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1319831] Affects: epel-7 [bug 1319832]
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=762100 (private) Patch: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9
*** Bug 1332820 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292
This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html