Synopsis
Moderate: libxml2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
Several security issues were fixed in libxml2 ...
Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive informatio ...
Debian Bug report logs -
#806384
libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 26 Nov 2015 20:48:01 UTC
Se ...
Debian Bug report logs -
#802827
libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSections
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 23 Oct 2015 20:51:01 UT ...
Debian Bug report logs -
#803942
CVE-2015-8035: DoS with XZ compression support loop
Package:
libxml2;
Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon)
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Tue, 3 ...
Debian Bug report logs -
#782782
libxml2: CVE-2015-1819: denial of service processing a crafted XML document
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Fri, 17 Apr 2015 19:39:02 UT ...
Debian Bug report logs -
#782985
libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso & ...
Debian Bug report logs -
#783010
libxml2: out-of-bounds read
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 20 Apr 2015 15:27:02 UTC
Severity: normal
Tags: fixed-upstream, jessie ...
A NULL pointer dereference vulnerability exists in the xpathc:xmlXPathCompOpEval() function of libxml2 through 298 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...
A NULL pointer dereference vulnerability exists in the xpathc:xmlXPathCompOpEval() function of libxml2 through 298 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...
A denial of service flaw was found in libxml2 A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash ...
The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines A vulnerability was found and patched in Libxml2 recently Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML input can be parsed by LCE As such, the developer team upgraded the library as a precaution without ...