CVE-2017-7375 (retired)

Priority
Description
A flaw in libxml2 allows remote XML entity inclusion with default parser
flags (i.e., when the caller did not request entity substitution, DTD
validation, external DTD subset loading, or default DTD attributes).
Depending on the context, this may expose a higher-risk attack surface in
libxml2 not usually reachable with default parser flags, and expose content
from local files, HTTP, or FTP servers (which might be otherwise
unreachable).
Package
Upstream:released (2.9.4+dfsg1-3.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.8.dfsg-5.1ubuntu4.18)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.10)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.3+dfsg1-1ubuntu0.3)
Patches:
Distro:https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
More Information

Updated: 2019-03-26 12:26:20 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)