CVE-2017-10672

Priority
Medium
Description
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows
remote attackers to execute arbitrary code by controlling the arguments to
a replaceChild call.
Notes
 ratliff> poc didn't crash on trusty, did on zesty
 mdeslaur> debian released 2.0128+dfsg-2, reverted in 2.0128+dfsg-3 and
 mdeslaur> fixed in 2.0128+dfsg-4
Assigned-to
mdeslaur
Package
Upstream: released (2.0128+dfsg-4)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (2.0108+dfsg-1ubuntu0.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.0123+dfsg-1ubuntu0.1)
Ubuntu 17.04 (Zesty Zapus): released (2.0128+dfsg-1ubuntu0.1)
Ubuntu 17.10 (Artful Aardvark): released (2.0128+dfsg-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.0128+dfsg-5)

Updated: 2017-12-15 20:35:35 UTC (commit 13913)