A use-after-free was found in libxml2 in xmlXIncludeDoProcess() in xinclude.c when processing crafted files. Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1954243] Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1954244]
Acknowledgments: Name: zodf0055980 (SQLab NCTU Taiwan)
Statement: This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2569 https://access.redhat.com/errata/RHSA-2021:2569
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3518
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:1390 https://access.redhat.com/errata/RHSA-2022:1390
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:1389 https://access.redhat.com/errata/RHSA-2022:1389