Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2369-1:E14AE
HistorySep 09, 2020 - 10:41 p.m.

[SECURITY] [DLA 2369-1] libxml2 security update

2020-09-0922:41:50
lists.debian.org
78

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Debian LTS Advisory DLA-2369-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
September 09, 2020 https://wiki.debian.org/LTS

Package : libxml2
Version : 2.9.4+dfsg1-2.2+deb9u3
CVE ID : CVE-2017-8872 CVE-2017-18258 CVE-2018-14404
CVE-2018-14567 CVE-2019-19956 CVE-2019-20388
CVE-2020-7595 CVE-2020-24977
Debian Bug : 895245 862450 949583 969529 949582

Several security vulnerabilities were corrected in libxml2, the GNOME
XML library.

CVE-2017-8872

Global buffer-overflow in the htmlParseTryOrFinish function.

CVE-2017-18258

The xz_head function in libxml2 allows remote attackers to cause a
denial of service (memory consumption) via a crafted LZMA file,
because the decoder functionality does not restrict memory usage to
what is required for a legitimate file.

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an
invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs may be
vulnerable to a denial of service attack.

CVE-2018-14567

If the option --with-lzma is used, allows remote attackers to cause
a denial of service (infinite loop) via a crafted XML file.

CVE-2019-19956

The xmlParseBalancedChunkMemoryRecover function has a memory leak
related to newDoc->oldNs.

CVE-2019-20388

A memory leak was found in the xmlSchemaValidateStream function of
libxml2. Applications that use this library may be vulnerable to
memory not being freed leading to a denial of service.

CVE-2020-7595

Infinite loop in xmlStringLenDecodeEntities can cause a denial of
service.

CVE-2020-24977

Out-of-bounds read restricted to xmllint --htmlout.

For Debian 9 stretch, these problems have been fixed in version
2.9.4+dfsg1-2.2+deb9u3.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9i386python3-libxml2-dbg< 2.9.4+dfsg1-2.2+deb9u3python3-libxml2-dbg_2.9.4+dfsg1-2.2+deb9u3_i386.deb
Debian9arm64python3-libxml2-dbg< 2.9.4+dfsg1-2.2+deb9u3python3-libxml2-dbg_2.9.4+dfsg1-2.2+deb9u3_arm64.deb
Debian10armelpython-libxml2< 2.9.4+dfsg1-7+deb10u1python-libxml2_2.9.4+dfsg1-7+deb10u1_armel.deb
Debian10ppc64ellibxml2< 2.9.4+dfsg1-7+deb10u1libxml2_2.9.4+dfsg1-7+deb10u1_ppc64el.deb
Debian10mips64elpython-libxml2< 2.9.4+dfsg1-7+deb10u1python-libxml2_2.9.4+dfsg1-7+deb10u1_mips64el.deb
Debian9armhflibxml2-dbg< 2.9.4+dfsg1-2.2+deb9u3libxml2-dbg_2.9.4+dfsg1-2.2+deb9u3_armhf.deb
Debian9amd64libxml2-dev< 2.9.4+dfsg1-2.2+deb9u3libxml2-dev_2.9.4+dfsg1-2.2+deb9u3_amd64.deb
Debian9armellibxml2< 2.9.4+dfsg1-2.2+deb9u3libxml2_2.9.4+dfsg1-2.2+deb9u3_armel.deb
Debian10amd64libxml2-utils< 2.9.4+dfsg1-7+deb10u1libxml2-utils_2.9.4+dfsg1-7+deb10u1_amd64.deb
Debian8armhflibxml2-dbg< 2.9.1+dfsg1-5+deb8u7libxml2-dbg_2.9.1+dfsg1-5+deb8u7_armhf.deb
Rows per page:
1-10 of 1691

Related

nessus 70
osv 6
ibm 14
fedora 11
openvas 20
amazon 4
almalinux 2
oraclelinux 3
suse 5
redhat 4
altlinux 2
archlinux 1
centos 2
freebsd 1
debian 2
cloudfoundry 3
ics 1
ubuntu 3
gentoo 1
veracode 9
mageia 4
rubygems 1
photon 4
f5 1
cloudlinux 2
cve 4
github 2
redhatcve 3
prion 3
debiancve 4
ubuntucve 4
alpinelinux 2
rocky 1
nessus
nessus
Debian DLA-2369-1 : libxml2 security update
2020-09-10 00:00:00
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2020:2609-1)
2020-12-09 00:00:00
Amazon Linux AMI : libxml2 (ALAS-2020-1438)
2020-10-27 00:00:00
osv
osv
libxml2 - security update
2020-09-09 00:00:00
libxml2 - security update
2018-09-27 00:00:00
libxml2 vulnerabilities
2021-06-17 14:59:21
ibm
ibm
Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in Libxml2
2023-12-07 22:45:07
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2
2021-06-21 20:35:29
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in Libxml2
2021-03-11 19:45:15
fedora
fedora
[SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31
2020-09-19 22:45:29
[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30
2020-04-30 02:51:35
[SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32
2020-09-16 14:44:56
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1408)
2020-04-16 00:00:00
Fedora: Security Advisory for libxml2 (FEDORA-2020-0c71c00af4)
2020-04-30 00:00:00
Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7694e8be73)
2020-05-02 00:00:00
amazon
amazon
Medium: libxml2
2020-10-26 18:09:00
Medium: libxml2
2020-10-22 18:25:00
Important: libxml2
2020-08-10 22:59:00
almalinux
almalinux
Moderate: libxml2 security update
2020-11-03 12:08:23
Moderate: libxml2 security update
2021-05-18 05:36:57
oraclelinux
oraclelinux
libxml2 security update
2020-11-10 00:00:00
libxml2 security and bug fix update
2020-10-06 00:00:00
libxml2 security update
2020-04-06 00:00:00
suse
suse
Security update for libxml2 (moderate)
2020-05-23 00:00:00
Security update for libxml2 (moderate)
2018-10-12 12:10:07
Security update for libxml2 (moderate)
2018-10-12 12:12:16
redhat
redhat
(RHSA-2020:3996) Moderate: libxml2 security and bug fix update
2020-09-29 07:49:53
(RHSA-2020:4479) Moderate: libxml2 security update
2020-11-03 12:08:23
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.10-alt4
2020-11-06 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt4
2020-11-09 00:00:00
archlinux
archlinux
[ASA-202011-15] libxml2: multiple issues
2020-11-17 00:00:00
centos
centos
libxml2 security update
2020-10-20 18:27:26
libxml2 security update
2020-04-08 18:42:56
freebsd
freebsd
libxml -- multiple vulnerabilities
2020-01-21 00:00:00
debian
debian
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
[SECURITY] [DLA 2048-1] libxml2 security update
2019-12-28 17:59:43
cloudfoundry
cloudfoundry
USN-4274-1: libxml2 vulnerabilities | Cloud Foundry
2020-02-20 00:00:00
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-4991-1: libxml2 vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
ics
ics
Siemens SINEMA Remote Connect Server
2021-04-13 12:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2020-02-10 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2021-06-17 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2020-10-20 00:00:00
veracode
veracode
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
Copy-Paste Vulnerability Through LibXML2
2018-04-24 02:43:19
Denial Of Service (DoS)
2020-04-01 00:39:17
mageia
mageia
Updated libxml2_2 packages fix security vulnerabilities
2020-02-25 00:44:46
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
Updated libxml2 packages fix security vulnerability
2020-01-05 18:37:51
rubygems
rubygems
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
2018-10-03 21:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0271
2020-02-05 00:00:00
Important Photon OS Security Update - PHSA-2020-0203
2020-01-30 00:00:00
Important Photon OS Security Update - PHSA-2020-0271
2020-02-05 00:00:00
f5
f5
K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567
2022-02-15 00:00:00
cloudlinux
cloudlinux
Fix of 8 CVEs
2022-01-11 12:18:56
Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517
2021-12-28 13:15:15
cve
cve
CVE-2017-18258
2018-04-08 17:29:00
CVE-2017-8872
2017-05-10 05:29:00
CVE-2018-14404
2018-07-19 13:29:00
github
github
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
2021-05-17 20:52:05
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
redhatcve
redhatcve
CVE-2017-18258
2018-04-12 23:19:08
CVE-2019-20388
2020-02-06 19:14:17
CVE-2017-8872
2017-05-10 09:23:01
prion
prion
Design/Logic Flaw
2018-04-08 17:29:00
Information disclosure
2017-05-10 05:29:00
Memory corruption
2019-12-24 16:15:00
debiancve
debiancve
CVE-2017-18258
2018-04-08 17:29:00
CVE-2017-8872
2017-05-10 05:29:00
CVE-2018-14404
2018-07-19 13:29:00
ubuntucve
ubuntucve
CVE-2018-14404
2018-07-19 00:00:00
CVE-2019-20388
2020-01-21 00:00:00
CVE-2017-8872
2017-05-10 00:00:00
alpinelinux
alpinelinux
CVE-2019-20388
2020-01-21 23:15:00
CVE-2019-19956
2019-12-24 16:15:00
rocky
rocky
libxml2 security update
2021-05-18 05:36:57

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON
Related for DEBIAN:DLA-2369-1:E14AE
nessus70osv6ibm14fedora11openvas20amazon4almalinux2oraclelinux3suse5redhat4altlinux2archlinux1centos2freebsd1debian2cloudfoundry3ics1ubuntu3gentoo1veracode9mageia4rubygems1photon4f51cloudlinux2cve4github2redhatcve3prion3debiancve4ubuntucve4alpinelinux2rocky1