CVE-2008-4225

Related Files

VMware Security Advisory 2009-0001

Posted Feb 1, 2009

Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX patches address an issue loading corrupt virtual disks and update Service Console packages for net-snmp and libxml2.

tags | advisory

advisories | CVE-2008-4914, CVE-2008-4309, CVE-2008-4226, CVE-2008-4225

SHA-256 | 0e7b91107741d71e6675c0f2c159e51f653f073c37b9efdcb9785268746062c4

Download | Favorite | View

Gentoo Linux Security Advisory 200812-6

Posted Dec 2, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-06 - Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service. Versions less than 2.7.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-3281, CVE-2008-3529, CVE-2008-4225, CVE-2008-4226, CVE-2008-4409

SHA-256 | afea399183d7e4bf5793e6c11d39e7d05e10783db16546041be89900723e4205

Download | Favorite | View

Mandriva Linux Security Advisory 2008-231

Posted Nov 19, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary

systems | linux, apple, mandriva

advisories | CVE-2008-4225, CVE-2008-4226

SHA-256 | 7413d96099e6e8bf2e438e2347de0fdef4b3853b5f304fdd946d81861cdc2526

Download | Favorite | View

Ubuntu Security Notice 673-1

Posted Nov 19, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2008-4225, CVE-2008-4226

SHA-256 | 14aa962cd967df79c253c644c2c8828edaaf504811b1f094c29778d229459c52

Download | Favorite | View

Debian Linux Security Advisory 1666-1

Posted Nov 18, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1666-1 - Several vulnerabilities have been discovered in the GNOME XML library.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2008-4225, CVE-2008-4226

SHA-256 | 064f38eb88ea26a817466095e1b24a56f4b59230023f2ebed8afe3093a55b66d

Download | Favorite | View