Lucene search

K
amazonAmazonALAS-2016-719
HistoryJul 14, 2016 - 4:30 p.m.

Important: libxml2

2016-07-1416:30:00
alas.aws.amazon.com
44

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.036

Percentile

91.7%

Issue Overview:

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

Affected Packages:

libxml2

Issue Correction:
Run yum update libxml2 to update your system.

New Packages:

i686:  
    libxml2-debuginfo-2.9.1-6.3.49.amzn1.i686  
    libxml2-python27-2.9.1-6.3.49.amzn1.i686  
    libxml2-2.9.1-6.3.49.amzn1.i686  
    libxml2-static-2.9.1-6.3.49.amzn1.i686  
    libxml2-python26-2.9.1-6.3.49.amzn1.i686  
    libxml2-devel-2.9.1-6.3.49.amzn1.i686  
  
src:  
    libxml2-2.9.1-6.3.49.amzn1.src  
  
x86_64:  
    libxml2-static-2.9.1-6.3.49.amzn1.x86_64  
    libxml2-2.9.1-6.3.49.amzn1.x86_64  
    libxml2-debuginfo-2.9.1-6.3.49.amzn1.x86_64  
    libxml2-python26-2.9.1-6.3.49.amzn1.x86_64  
    libxml2-python27-2.9.1-6.3.49.amzn1.x86_64  
    libxml2-devel-2.9.1-6.3.49.amzn1.x86_64  

Additional References

Red Hat: CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449

Mitre: CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.036

Percentile

91.7%