libxml2: Multiple vulnerabilities Multiple vulnerabilities have been found in libxml2, the worst of which could result in the execution of arbitrary code. libxml2 2017-11-10 2017-11-10 599192 605208 618604 622914 623206 remote 2.9.4-r3 2.9.4-r3

libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.

Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition.

There is no known workaround at this time.

All libxml2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r3"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

CVE-2016-9318 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 chrisadr b-man