Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.
0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.
7ae55e0d099a866f9060eaf2dd855d5f0aec675081fb0bc4925cd992333a41a6Red Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.
3d551b6c132f55a4510bfa07d62cbc76c5971974060b32e4b1e88be27977c857Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.
4a661c45126cb28fec4cfaca3ea442365ce97bcf38318f65b028a97746e2ef46Debian Linux Security Advisory 2779-1 - Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.
4682eeca0f934912986654d74a9f0a116b0158b32579eddd8bf333493da86f86Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791dDebian Linux Security Advisory 2724-1 - Several vulnerabilities have been discovered in the Chromium web browser.
c56abdd979ad1791b0c97f5cbfe6e0aea3eb1051cb9ca106027b3fa6fbfd6a9dUbuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.
73ee61050460c5c1a204774c868ab1fa47667ad17da81dbf917de23f5248cb36Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.
cd859ab9c1529eb842030310fdae2e007f5f2c595e947035ccee976394f0e6e5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed