Gentoo Linux Security Advisory GLSA 200812-06 - Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Versions less than 2.7.2-r1 are affected.
afea399183d7e4bf5793e6c11d39e7d05e10783db16546041be89900723e4205VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09Mandriva Linux Security Advisory - A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue.
1e3f41aed1bbde242e20d768dd1cd631a00b1b0292f0e84a50929112613e0636Ubuntu Security Notice 644-1 - It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service. USN-640-1 fixed vulnerabilities in libxml2. When processing extremely large XML documents with valid entities, it was possible to incorrectly trigger the newly added vulnerability protections. This update fixes the problem.
9139e43fe95cb79654a777a5abce41c875cabcb649f86a564afc749503aed326Ubuntu Security Notice 640-1 - Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service.
fd2bd1a56a00f0337d2ecf51a4155529229f544423d9c53fd71025bcbabe33b9Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did.
6978e44fa4ec963af815e34d9ca5be4c1c1f19cff96a972b445f68b57fcb7066Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.
e2c04840497407f72b22d172c8869ca3f0dd0582f1a08719fbb2c6501ff74096Pardus Linux Security Advisory - A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service).
64c355dcce91e0b0f828984ad3723412eb26fdf00f38a5667c4504d985959f28Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.
6c9094554c9bda05ea0527025db2031ca7ecdcbbd3fbd883d35e2efbd4657bd8Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.
0ebde274e431550f35a889527dc2b914d5dea262f2c261477dd76032479d4aaa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed