CVE-2017-7375

Priority
Medium
Description
A flaw in libxml2 allows remote XML entity inclusion with default parser
flags (i.e., when the caller did not request entity substitution, DTD
validation, external DTD subset loading, or default DTD attributes).
Depending on the context, this may expose a higher-risk attack surface in
libxml2 not usually reachable with default parser flags, and expose content
from local files, HTTP, or FTP servers (which might be otherwise
unreachable).
Package
Upstream: released (2.9.4+dfsg1-3.1)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.8.dfsg-5.1ubuntu4.18)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.9.1+dfsg1-3ubuntu4.10)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.9.3+dfsg1-1ubuntu0.3)
Ubuntu 17.10 (Artful Aardvark): not-affected (2.9.4+dfsg1-3.1)
Patches:
Distro: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

Updated: 2018-02-21 13:14:43 UTC (commit 14234)