7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.018 Low
EPSS
Percentile
87.9%
USN-2834-1 libxml2 vulnerability
Medium
libxml2
Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500)
Hugh Davenport discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8241, CVE-2015-8242)
Hanno Boeck discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317)
The Cloud Foundry project released a BOSH stemcell version 3146.1 and 3155 that has the patched version of the Linux kernel. A new Cloud Foundry rootfs was also released, cflinuxfs2 v.1.22.0, that has the patches.
_Severity is medium unless otherwise noted.
_
Users of affected versions should apply the following mitigation:
Kostya Serebryany, Hugh Davenport, Hanno Boeck