Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.
88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9e
Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.
4a661c45126cb28fec4cfaca3ea442365ce97bcf38318f65b028a97746e2ef46
Apple Security Advisory 2013-09-20-1 - Apple TV 6.0 is now available and addresses 57 different vulnerabilities.
1829e75185a589dc360c1424fc0d1fcbf1d9598859d451423d0cc59a18b7b1c9
Apple Security Advisory 2013-09-18-2 - iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.
28033ee75b46e43dd395d653bcaeafcb70f1b640306db4446062bdbfd7ff9c7f
Mandriva Linux Security Advisory 2013-056 - A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. An Off-by-one error in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct these issues.
af9acf74042cc531e03902efd1151ff0e9a6cd65cb241177b80784cbcf067a2b
Red Hat Security Advisory 2013-0217-01 - These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW. IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.
1cd549ed331d887cc45d0de02f4cca9d6965b1454f082a5f2089b316b13ce1f0
Slackware Security Advisory - New libxml2 packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
a2bd7297c9fbc5cf7a4fec75094beeb97cf2a4ed608a53bff474053ed709a9ea
Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.
262ee9f9a12b339ba16f79249ef8e36409efc15e996ebb93531225f8cf7cd074
Mandriva Linux Security Advisory 2012-176 - A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
56848c6837d5dd168d8703f830f93c6aac1b8727f6e78d33bec04ca7064d1519
Debian Linux Security Advisory 2580-1 - Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code.
ba82ecf7261b5f9ccb47a4953b17881157f44466d3ae08228fe906291faa24db
Red Hat Security Advisory 2012-1512-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
6f7db09dd21f23e1bf77fc46e0f5d364af0871fe611443be9a977f18023d9919