Category:   Application (Generic)  >   Libxml2
Vendors:   xmlsoft.org
Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
SecurityTracker Alert ID:  1034243
SecurityTracker URL:  http://securitytracker.com/id/1034243
CVE Reference:   CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
Updated:  Dec 7 2015
Original Entry Date:  Nov 25 2015
Impact:   Denial of service via network, Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.9.3
Description:   Multiple vulnerabilities were reported in Libxml2. A remote user can cause denial of service conditions on the target system. The impact of some vulnerabilities was not specified.

A remote user can supply specially crafted XML data to trigger an XML entity expansion flaw in the xmlreader and consume excessive memory on the target system [CVE-2015-1819].

A buffer overread may occur in the HTML parser in the XML parser [CVE-2015-8241].

A buffer overread may occur in the HTML parser in push mode [CVE-2015-8242].

A memory access error may occur in handling incorrect entity boundaries [CVE-2015-7500].

Some parser errors may occur [CVE-2015-7499].

An entity expansion flaw may occur [CVE-2015-5312].

A heap overflow may occur in xmlDictComputeFastQKey() [CVE-2015-7497].

Processing of entities may occur after encoding conversion failures have occurred [CVE-2015-7498].

An error may occur in XZ compression support [CVE-2015-8035].

Errors may occur in the cleanup of condition error handling and on parsing entity boundary errors [CVE-2015-7941].

A previous patch to correct an error in Conditional sections contained an overflow error [CVE-2015-7942].

An out-of-bounds heap read access error may occur [CVE-2015-8317].

Daniel Veillard, David Drysdale, and Hugh Davenport reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

The impact of some vulnerabilities was not specified.

Solution:   The vendor has issued a fix (2.9.3).

The vendor's advisory is available at:

http://www.xmlsoft.org/news.html
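
An added triage example (not part of the SecurityTracker entry or the vendor's advisory) that classifies reported libxml2 versions against the fixed release 2.9.3. It accepts dotted versions and the numeric major*10000 + minor*100 + micro form that `xmllint --version` prints; the inventory strings and the "-release" suffix heuristic for vendor packages are assumptions made for illustration. Vendor packages may carry the fix under an older upstream version number, so those are flagged for a check against the vendor's own advisory instead of being reported as unfixed.

```python
import re

FIXED = (2, 9, 3)  # fixed upstream release named in the advisory

# Dotted upstream version, optionally followed by a package release suffix
# such as "-6.example1" (heuristic for rpm/deb-style names; an assumption).
_DOTTED = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(-\d\S*)?")
# Numeric LIBXML_VERSION form, e.g. 20901 for 2.9.1.
_NUMERIC = re.compile(r"(?<!\d)(\d{5,6})(?!\d)")


def parse_version(text):
    """Return ((major, minor, micro), packaged) for a libxml2 version string."""
    m = _DOTTED.search(text)
    if m:
        version = tuple(int(g) for g in m.groups()[:3])
        return version, m.group(4) is not None
    m = _NUMERIC.search(text)
    if m:
        n = int(m.group(1))
        return (n // 10000, n // 100 % 100, n % 100), False
    raise ValueError(f"no libxml2 version found in {text!r}")


def triage(text):
    """Classify one reported version string against the fixed release."""
    version, packaged = parse_version(text)
    if version >= FIXED:
        return "fixed"
    # An older upstream number inside a vendor package proves nothing either
    # way: the fix may have been backported, so defer to the vendor advisory.
    return "check-vendor-advisory" if packaged else "predates-fix"


# Constructed sample inventory (host names and version strings are made up).
INVENTORY = {
    "build-01": "xmllint: using libxml version 20901",
    "web-02": "libxml2-2.9.1-6.example1",
    "ci-03": "2.9.3",
    "app-04": "2.9.10",
    "old-05": "2.9.2",
}


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, result in triage_inventory(INVENTORY).items():
        print(f"{host}: {result}")
```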

Vendor URL:  www.xmlsoft.org/
Cause:   Access control error, Boundary error, Not specified
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 7 2015 (Red Hat Issues Fix) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Dec 7 2015 (Red Hat Issues Fix) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Dec 7 2015 (Oracle Issues Fix for Oracle Linux) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Oracle has issued a fix for Oracle Linux 6.
Dec 7 2015 (CentOS Issues Fix) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
CentOS has issued a fix for CentOS 6.
Dec 8 2015 (Oracle Issues Fix for Oracle Linux) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Oracle has issued a fix for Oracle Linux 7.
Jan 26 2016 (HP Issues Fix for HP IceWall) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
HP has issued a fix for HP IceWall File Manager and IceWall Federation Agent.
Feb 24 2016 (IBM Issues Fix for IBM AIX) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Mar 21 2016 (Apple Issues Fix for Apple iOS) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Apple has issued a fix for Apple iOS.
Mar 22 2016 (Apple Issues Fix for Apple TV) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Apple has issued a fix for Apple TV.
Mar 22 2016 (Apple Issues Fix for Apple Watch) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Apple has issued a fix for Apple Watch.
Mar 22 2016 (Apple Issues Fix for Apple OS X) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
Apple has issued a fix for Apple OS X.
May 7 2016 (HP Issues Fix for HPE System Management Homepage) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
HP has issued a fix for HPE System Management Homepage.
May 12 2016 (IBM Issues Fix for IBM Cognos Business Intelligence Server) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
IBM has issued a fix for IBM Cognos Business Intelligence Server.
May 12 2016 (IBM Issues Fix for IBM Cognos Business Intelligence Server) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
IBM has issued a fix for IBM Cognos Business Intelligence Server.
Jun 23 2016 (IBM Issues Fix for IBM Sametime Media Server) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
IBM has issued a fix for IBM Sametime Media Server.


