Overview

Security scans might report "Red Hat Libxml2 Arbitrary Code Execution Vulnerability".

Information

The libxml2 library is a development toolbox providing the implementation of various XML standards. xpointer.c in libxml2 before 2.9.5 does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service.

There is no patch available for the issue since it is marked as "Will not fix" by Red Hat Enterprise Linux. Please refer to Red Hat security advisory cve-2016-4658 to obtain more information.

Related Articles

• Handling OS Security Vulnerabilities in Lithium