Synopsis
Moderate: libxml2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Several security issues were fixed in libxml2 ...
Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive informatio ...
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...
Debian Bug report logs -
#806384
libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 26 Nov 2015 20:48:01 UTC
Se ...
Debian Bug report logs -
#802827
libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSections
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 23 Oct 2015 20:51:01 UT ...
Debian Bug report logs -
#782985
libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso & ...
Debian Bug report logs -
#783010
libxml2: out-of-bounds read
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 20 Apr 2015 15:27:02 UTC
Severity: normal
Tags: fixed-upstream, jessie ...
Debian Bug report logs -
#803942
CVE-2015-8035: DoS with XZ compression support loop
Package:
libxml2;
Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon)
Reported by: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 3 ...
Debian Bug report logs -
#782782
libxml2: CVE-2015-1819: denial of service processing a crafted XML document
Package:
src:libxml2;
Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 17 Apr 2015 19:39:02 UT ...
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash ...
The Log Correlation Engine (LCE) uses the third-party Libxml2 library for some XML parsing routines. A vulnerability was found and patched in Libxml2 recently. Tenable has not evaluated this vulnerability beyond acknowledging that user-supplied XML input can be parsed by LCE. As such, the developer team upgraded the library as a precaution without ...