Download
| Alert*
|
oval:org.secpod.oval:def:600921
Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:701100 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:701365 libxml2: GNOME XML library Details: USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1904-1 introduced a regression in libxml2. oval:org.secpod.oval:def:600560 Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code. oval:org.secpod.oval:def:600738 It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. A ... oval:org.secpod.oval:def:601128 Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project"s XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. oval:org.secpod.oval:def:701359 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:600998 Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing st ... oval:org.secpod.oval:def:701235 libxml2: GNOME XML library libxml2 could be made to hang if it received specially crafted input. oval:org.secpod.oval:def:702264 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:52330 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:602033 The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem. For reference the original advisory text follows. Sogeti found a denial of service flaw in libxml2, a library providing support ... oval:org.secpod.oval:def:601952 It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by t ... oval:org.secpod.oval:def:52092 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:53231 Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation. oval:org.secpod.oval:def:2000543 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. oval:org.secpod.oval:def:704282 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:52111 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:51019 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:47256 libxml2: GNOME XML library Several security issues were fixed in libxml2. |
