Multiple libxml2 vulnerabilities in Security Analytics

Article Id: 169199
Status: Published
Updated On: 03-03-2019 14:45
Legacy Id: TECH246047
Products:
Security Analytics
Issue/Introduction:

Referring to Security Advisories at https://support.symantec.com/en_US/article.SYMSA1377.html

Security Analytics 6.6, 7.0, and 7.1 are vulnerable to all CVEs.

Resolution:

This patch is available in Security Analytics version 7.2.2 and greater.  Only apply the patch below if you are running 7.1.x or 7.2.1.

Workaround

The fix are all patched in libxml2 2.9.1-6.atpsa1.3.

Attached is the patched build libxml2-2.9.1-6.atpsa1.3.x86_64.rpm that fixes the ibxml2 vulnerabilities.

Procedure to install the patched build,

  1. SCP the rpm files to the SA appliance and place in the /tmp directory.
  2. Run the command 'rpm -Uvh libxml2-2.9.1-6.atpsa1.3.x86_64.rpm'.
  3. Verify the installed version using command 'yum list libxml2".
  4. Reboot the appliance.

insert_drive_file libxml2-2.9.1-6.atpsa1.3.x86_64.rpm
arrow_downward Download