Multiple libxml2 vulnerabilities in Security Analytics

book

Article ID: 169199

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Referring to Security Advisories at https://support.symantec.com/en_US/article.SYMSA1377.html

Security Analytics 6.6, 7.0, and 7.1 are vulnerable to all CVEs.

Resolution

This patch is available in Security Analytics version 7.2.2 and greater.  Only apply the patch below if you are running 7.1.x or 7.2.1.

Workaround

The fix are all patched in libxml2 2.9.1-6.atpsa1.3.

Attached is the patched build libxml2-2.9.1-6.atpsa1.3.x86_64.rpm that fixes the ibxml2 vulnerabilities.

Procedure to install the patched build,

  1. SCP the rpm files to the SA appliance and place in the /tmp directory.
  2. Run the command 'rpm -Uvh libxml2-2.9.1-6.atpsa1.3.x86_64.rpm'.
  3. Verify the installed version using command 'yum list libxml2".
  4. Reboot the appliance.

Attachments

libxml2-2.9.1-6.atpsa1.3.x86_64.rpm get_app