Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3517
Vulnerability from cvelistv5
Published
2021-05-19 13:45
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2021-e3ed1ba38b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "name": "FEDORA-2021-b950000d2b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "GLSA-202107-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-05" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libxml2", "vendor": "n/a", "versions": [ { "status": "affected", "version": "libxml2 2.9.11" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:35:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2021-e3ed1ba38b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "name": "FEDORA-2021-b950000d2b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "GLSA-202107-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202107-05" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3517", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "libxml2", "version": { "version_data": [ { "version_value": "libxml2 2.9.11" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2021-e3ed1ba38b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "name": "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "name": "FEDORA-2021-b950000d2b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "GLSA-202107-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-05" }, { "name": "https://security.netapp.com/advisory/ntap-20210625-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211022-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211022-0004/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3517", "datePublished": "2021-05-19T13:45:00", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-03T16:53:17.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-3517\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-05-19T14:15:07.553\",\"lastModified\":\"2024-11-21T06:21:44.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.\"},{\"lang\":\"es\",\"value\":\"Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11.\u0026#xa0;Un atacante que sea capaz de proporcionar un archivo dise\u00f1ado para que sea procesado por una aplicaci\u00f3n vinculada con la funcionalidad afectada de libxml2 podr\u00eda desencadenar una lectura fuera de los l\u00edmites.\u0026#xa0;El impacto m\u00e1s probable de este fallo es la disponibilidad de la aplicaci\u00f3n, con alg\u00fan impacto potencial en la confidencialidad e integridad si un atacante puede usar la informaci\u00f3n de la memoria para explotar a\u00fan m\u00e1s la aplicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.9.11\",\"matchCriteriaId\":\"208AF535-5D38-45B4-B227-2892611C5A20\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62347994-1353-497C-9C4A-D5D8D95F67E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.70.1\",\"matchCriteriaId\":\"FF971916-C526-43A9-BD80-985BCC476569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D9CC59D-6182-4B5E-96B5-226FCD343916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\",\"matchCriteriaId\":\"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D39DCAE7-494F-40B2-867F-6C6A077939DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A372B177-F740-4655-865C-31777A6E140B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"26A2B713-7D6D-420A-93A4-E0D983C983DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C564D8-E21F-403C-B4BB-7B14B7FB5DAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8532F5F0-00A1-4FA9-A80B-09E46D03F74F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A5B24D-BDF2-423C-98EA-A40778C01A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E8758C8-87D3-450A-878B-86CE8C9FC140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.0.26\",\"matchCriteriaId\":\"EED6C8C2-F986-4CFD-A343-AD2340F850F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F2883B-6A1B-4081-8877-07AF3A73F6CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CADD7026-EF85-40A5-8563-7A34C6941B1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F019E8-F68D-41B5-9480-0A81616F2E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1954232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-05\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210625-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211022-0004/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1954232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210625-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211022-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2022:1390
Vulnerability from csaf_redhat
Published
2022-04-20 19:30
Modified
2025-02-07 00:24
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)\n* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1390", "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "2056913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913" }, { "category": "external", "summary": "2062202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" }, { "category": "external", "summary": "2064321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1390.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update", "tracking": { "current_release_date": "2025-02-07T00:24:12+00:00", "generator": { "date": "2025-02-07T00:24:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.3.0" } }, "id": "RHSA-2022:1390", "initial_release_date": "2022-04-20T19:30:18+00:00", "revision_history": [ { "date": "2022-04-20T19:30:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-20T19:30:18+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-07T00:24:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Text-Only JBCS", "product": { "name": "Text-Only JBCS", "product_id": "Text-Only JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "Text-Only JBCS" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" }, { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2062202" } ], "notes": [ { "category": "description", "text": "A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", "title": "Vulnerability summary" }, { "category": "other", "text": "While Red Hat initially stated not to be directly affected by this flaw, after further investigation we found that the versions of OpenSSL as shipped in Red Hat Enterprise Linux 6, 7, and 8 are vulnerable to a denial of service attack through malicious Elliptic Curve parameters. During processing of the parameters OpenSSL will call BN_mod_sqrt() with invalid arguments, causing the process to enter an infinite loop. The invalid EC parameters can be provided to OpenSSL through X.509 certificates (used in TLS connections), through public and private keys, through certificate signing requests and other places where applications process Elliptic Curve parameters. The flaw has been rated as having a security impact of Important. A future update will address this issue in Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0778" }, { "category": "external", "summary": "RHBZ#2062202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20220315.txt", "url": "https://www.openssl.org/news/secadv/20220315.txt" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "Text-Only JBCS" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates" }, { "cve": "CVE-2022-22720", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064321" } ], "notes": [ { "category": "description", "text": "A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22720" }, { "category": "external", "summary": "RHBZ#2064321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22720", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22720" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720" } ], "release_date": "2022-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "category": "workaround", "details": "There are currently no known mitigations for this issue.", "product_ids": [ "Text-Only JBCS" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling" }, { "cve": "CVE-2022-23308", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056913" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free of ID and IDREF attributes", "title": "Vulnerability summary" }, { "category": "other", "text": "The security impact of xmlGetID() returning a pointer to freed memory depends on the application and will mostly result in a denial of service (DoS). The typical use case of calling xmlGetID() on an unmodified document is not affected, therefore this issue was rated with a moderate severity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Text-Only JBCS" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23308" }, { "category": "external", "summary": "RHBZ#2056913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23308", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" } ], "release_date": "2022-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:30:18+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", "product_ids": [ "Text-Only JBCS" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1390" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Text-Only JBCS" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free of ID and IDREF attributes" } ] }
rhsa-2021:2569
Vulnerability from csaf_redhat
Published
2021-06-29 16:38
Modified
2025-01-09 06:00
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n\n* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n\n* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n\n* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n\n* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2569", "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2569.json" } ], "title": "Red Hat Security Advisory: libxml2 security update", "tracking": { "current_release_date": "2025-01-09T06:00:16+00:00", "generator": { "date": "2025-01-09T06:00:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2021:2569", "initial_release_date": "2021-06-29T16:38:07+00:00", "revision_history": [ { "date": "2021-06-29T16:38:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-29T16:38:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-09T06:00:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product_id": "libxml2-0:2.9.7-9.el8_4.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" } ] }
rhsa-2022_1389
Vulnerability from csaf_redhat
Published
2022-04-20 19:44
Modified
2025-01-06 19:55
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)
* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (CVE-2022-22720)\n* libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n* libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n* libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1389", "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "2056913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913" }, { "category": "external", "summary": "2062202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" }, { "category": "external", "summary": "2064321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1389.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update", "tracking": { "current_release_date": "2025-01-06T19:55:21+00:00", "generator": { "date": "2025-01-06T19:55:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2022:1389", "initial_release_date": "2022-04-20T19:44:47+00:00", "revision_history": [ { "date": "2022-04-20T19:44:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-20T19:44:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T19:55:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 8", "product": { "name": "Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-11.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-41.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-26.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-11.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-80.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-41.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-29.redhat_1.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-10.Final_redhat_2.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-22.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-91.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "product_id": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-3.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-11.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-41.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-26.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-11.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-80.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-41.el8jbcs?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-22.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-10.Final_redhat_2.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.48-29.redhat_1.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-91.el8jbcs?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "product_id": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-3.el8jbcs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1g-11.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-41.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-41.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-41.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-26.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-26.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-11.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-11.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-80.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-80.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-80.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-41.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-41.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-68.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-29.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-29.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.48-29.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-10.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.16-10.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-22.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-22.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-91.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-3.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.78.0-3.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.78.0-3.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.78.0-3.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs-debuginfo@1.1.1g-11.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-41.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-41.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-41.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11@0.4.10-26.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-pkcs11-debuginfo@0.4.10-26.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil@1.0.0-11.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "product_id": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-chil-debuginfo@1.0.0-11.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-80.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-80.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools-debuginfo@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap-debuginfo@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html-debuginfo@2.4.37-80.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session-debuginfo@2.4.37-80.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl-debuginfo@2.4.37-80.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.0.8-41.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md-debuginfo@2.0.8-41.el8jbcs?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-68.GA.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@1.15.7-22.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2-debuginfo@1.15.7-22.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.16-10.Final_redhat_2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.16-10.Final_redhat_2.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.48-29.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.48-29.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24-debuginfo@1.2.48-29.redhat_1.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite-debuginfo@1.6.1-91.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.78.0-3.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.78.0-3.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.78.0-3.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.78.0-3.el8jbcs?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product_id": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-debuginfo@7.78.0-3.el8jbcs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-80.jbcs.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-80.el8jbcs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64 as a component of Red Hat JBoss Core Services on RHEL 8", "product_id": "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64", "relates_to_product_reference": "8Base-JBCS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" }, { "cve": "CVE-2022-0778", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2062202" } ], "notes": [ { "category": "description", "text": "A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates", "title": "Vulnerability summary" }, { "category": "other", "text": "While Red Hat initially stated not to be directly affected by this flaw, after further investigation we found that the versions of OpenSSL as shipped in Red Hat Enterprise Linux 6, 7, and 8 are vulnerable to a denial of service attack through malicious Elliptic Curve parameters. During processing of the parameters OpenSSL will call BN_mod_sqrt() with invalid arguments, causing the process to enter an infinite loop. The invalid EC parameters can be provided to OpenSSL through X.509 certificates (used in TLS connections), through public and private keys, through certificate signing requests and other places where applications process Elliptic Curve parameters. The flaw has been rated as having a security impact of Important. A future update will address this issue in Red Hat Enterprise Linux 6, 7 and 8.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0778" }, { "category": "external", "summary": "RHBZ#2062202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20220315.txt", "url": "https://www.openssl.org/news/secadv/20220315.txt" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates" }, { "cve": "CVE-2022-22720", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064321" } ], "notes": [ { "category": "description", "text": "A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22720" }, { "category": "external", "summary": "RHBZ#2064321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22720", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22720" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720" } ], "release_date": "2022-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "category": "workaround", "details": "There are currently no known mitigations for this issue.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling" }, { "cve": "CVE-2022-23308", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2056913" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free of ID and IDREF attributes", "title": "Vulnerability summary" }, { "category": "other", "text": "The security impact of xmlGetID() returning a pointer to freed memory depends on the application and will mostly result in a denial of service (DoS). The typical use case of calling xmlGetID() on an unmodified document is not affected, therefore this issue was rated with a moderate severity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23308" }, { "category": "external", "summary": "RHBZ#2056913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23308", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" } ], "release_date": "2022-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-20T19:44:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1389" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.jbcs.el7.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-apr-util-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-ldap-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-mysql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-nss-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-odbc-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-openssl-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-pgsql-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-apr-util-sqlite-debuginfo-0:1.6.1-91.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-curl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-curl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-httpd-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-80.el8jbcs.noarch", "8Base-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-httpd-tools-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-debuginfo-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-libcurl-devel-0:7.78.0-3.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.16-10.Final_redhat_2.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_http2-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-22.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-0:1.2.48-29.redhat_1.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-ap24-debuginfo-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.48-29.redhat_1.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ldap-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_md-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_md-debuginfo-1:2.0.8-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_proxy_html-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-mod_security-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-68.GA.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_session-debuginfo-0:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-mod_ssl-debuginfo-1:2.4.37-80.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-41.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-chil-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-chil-debuginfo-0:1.0.0-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-libs-debuginfo-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1g-11.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.src", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-26.el8jbcs.x86_64", "8Base-JBCS:jbcs-httpd24-openssl-static-1:1.1.1g-11.el8jbcs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free of ID and IDREF attributes" } ] }
rhsa-2021_2569
Vulnerability from csaf_redhat
Published
2021-06-29 16:38
Modified
2025-01-05 20:40
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n\n* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n\n* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n\n* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n\n* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2569", "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2569.json" } ], "title": "Red Hat Security Advisory: libxml2 security update", "tracking": { "current_release_date": "2025-01-05T20:40:05+00:00", "generator": { "date": "2025-01-05T20:40:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2021:2569", "initial_release_date": "2021-06-29T16:38:07+00:00", "revision_history": [ { "date": "2021-06-29T16:38:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-29T16:38:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-05T20:40:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product_id": "libxml2-0:2.9.7-9.el8_4.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" } ] }
RHSA-2021:2569
Vulnerability from csaf_redhat
Published
2021-06-29 16:38
Modified
2025-01-09 06:00
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)
* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)
* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)
* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)
* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for libxml2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n\n* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n\n* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n\n* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n\n* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2569", "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2569.json" } ], "title": "Red Hat Security Advisory: libxml2 security update", "tracking": { "current_release_date": "2025-01-09T06:00:16+00:00", "generator": { "date": "2025-01-09T06:00:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2021:2569", "initial_release_date": "2021-06-29T16:38:07+00:00", "revision_history": [ { "date": "2021-06-29T16:38:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-29T16:38:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-09T06:00:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product": { "name": "Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:8::baseos" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=i686" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_id": "libxml2-0:2.9.7-9.el8_4.2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-devel@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debugsource@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=s390x" } } }, { "category": "product_version", "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_id": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-libxml2@2.9.7-9.el8_4.2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product": { "name": "libxml2-0:2.9.7-9.el8_4.2.src", "product_id": "libxml2-0:2.9.7-9.el8_4.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/libxml2@2.9.7-9.el8_4.2?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.src", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", "product_id": "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" }, "product_reference": "python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "relates_to_product_reference": "BaseOS-8.4.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T16:38:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2569" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "AppStream-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.src", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-9.el8_4.2.x86_64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.aarch64", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.i686", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.ppc64le", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.s390x", "BaseOS-8.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-9.el8_4.2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" } ] }
rhsa-2022:1389
Vulnerability from csaf_redhat
Published
2022-04-20 19:44
Modified
2025-02-07 00:24
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.
Thi