Category:   Application (Generic)  >   Libxml2
Vendors:   xmlsoft.org
(CentOS Issues Fix) Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
SecurityTracker Alert ID:  1034304
SecurityTracker URL:  http://securitytracker.com/id/1034304
CVE Reference:   CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
Date:  Dec 7 2015
Impact:   Denial of service via network, Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.9.3
Description:   Multiple vulnerabilities were reported in Libxml2. A remote user can cause denial of service conditions on the target system. The impact of some vulnerabilities was not specified.

A remote user can supply specially crafted XML data to trigger an XML entity expansion flaw in the xmlreader and consume excessive memory on the target system [CVE-2015-1819].

A buffer overread may occur during HTML parsing in the XML parser [CVE-2015-8241].

A buffer overread may occur during HTML parsing in push mode [CVE-2015-8242].

A memory access error may occur in handling incorrect entity boundaries [CVE-2015-7500].

Some parser errors may occur [CVE-2015-7499].

An entity expansion flaw may occur [CVE-2015-5312].

A heap overflow may occur in xmlDictComputeFastQKey() [CVE-2015-7497].

Processing of entities may occur after encoding conversion failures have occurred [CVE-2015-7498].

An error may occur in XZ compression support [CVE-2015-8035].

Errors may occur in the cleanup of condition error handling and on parsing entity boundary errors [CVE-2015-7941].

A previous patch to correct an error in conditional sections contained an overflow error [CVE-2015-7942].

An out-of-bounds heap read access error may occur [CVE-2015-8317].

Daniel Veillard, David Drysdale, and Hugh Davenport reported these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

The impact of some vulnerabilities was not specified.

Solution:   CentOS has issued a fix for CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317.

Cause:   Access control error, Boundary error, Not specified
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Nov 25 2015 Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:2549 Moderate CentOS 6 libxml2 Security Update


CentOS Errata and Security Advisory 2015:2549 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-2549.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
ef6fc5b110883e8b85e6e0aadb0dece190506569ba1c25247b612ffee5e10e7c  libxml2-2.7.6-20.el6_7.1.i686.rpm
02e4ba1fea746762064a0fc7ba37d9fa1626cefd43257360db633fb23007c1d7  libxml2-devel-2.7.6-20.el6_7.1.i686.rpm
d45068dcb62936bfd95e45182c807339dc060963d97adeae4d7717943a0107df  libxml2-python-2.7.6-20.el6_7.1.i686.rpm
3c14ee97b4f56ede803f59fcdadb4786e3e4ab6792d68e7b509e7a346973b363  libxml2-static-2.7.6-20.el6_7.1.i686.rpm

x86_64:
ef6fc5b110883e8b85e6e0aadb0dece190506569ba1c25247b612ffee5e10e7c  libxml2-2.7.6-20.el6_7.1.i686.rpm
6c42e07b5804dc8c346d5fa29755a515e8338618fc2b228959e4449e0d7b3227  libxml2-2.7.6-20.el6_7.1.x86_64.rpm
02e4ba1fea746762064a0fc7ba37d9fa1626cefd43257360db633fb23007c1d7  libxml2-devel-2.7.6-20.el6_7.1.i686.rpm
46fa4d9f942837bb4dc48907578ed4e12ca6a830b61719c649ff2b7ac5292bbf  libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm
248032ec39a9aa0964763fa824604bc696dc54b59adaaac6b9e7c54f76137518  libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm
67315973b872c5fdfc8656df43af9d21bd9a881e4c20d1bff3f53db1def4022b  libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

Source:
647b02b23b0fc8a0cb8d0821279cb4600f130b3776e345e91dee342f8dfbbbb4  libxml2-2.7.6-20.el6_7.1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Copyright 2018, SecurityGlobal.net LLC