Lucene search
DebianDEBIAN:DLA-355-1:F71E7HistoryNov 29, 2015 - 11:00 p.m.
[SECURITY] [DLA 355-1] libxml2 security update
2015-11-2923:00:36
lists.debian.org
20
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.1%
Package : libxml2
Version : 2.7.8.dfsg-2+squeeze15
CVE ID : CVE-2015-8241 CVE-2015-8317
Debian Bug : 806384
CVE-2015-8241
Buffer overread with XML parser in xmlNextChar
CVE-2015-8317
- issues in the xmlParseXMLDecl function:
If we fail conversing the current input stream while
processing the encoding declaration of the XMLDecl
then it's safer to just abort there and not try to
report further errors. - If the string is not properly terminated do not try to convert
to the given encoding.
Additional fix for off by one error in previous patch for CVE-2015-7942
(thanks to Salvatore for spotting this)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | python-libxml2-dbg | < 2.7.8.dfsg-2+squeeze15 | python-libxml2-dbg_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | libxml2-utils | < 2.7.8.dfsg-2+squeeze15 | libxml2-utils_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | libxml2 | < 2.7.8.dfsg-2+squeeze15 | libxml2_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | libxml2-dbg | < 2.7.8.dfsg-2+squeeze15 | libxml2-dbg_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | libxml2-doc | < 2.7.8.dfsg-2+squeeze15 | libxml2-doc_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | python-libxml2 | < 2.7.8.dfsg-2+squeeze15 | python-libxml2_2.7.8.dfsg-2+squeeze15_all.deb |
| Debian | 6 | all | libxml2-dev | < 2.7.8.dfsg-2+squeeze15 | libxml2-dev_2.7.8.dfsg-2+squeeze15_all.deb |
Related
openvas
openvas
Debian: Security Advisory (DLA-355-1)
2023-03-08 00:00:00
RedHat Update for libxml2 RHSA-2015:2549-01
2015-12-08 00:00:00
Oracle: Security Advisory (ELSA-2015-2549)
2015-12-08 00:00:00
osv
osv
libxml2 - security update
2015-11-29 00:00:00
libxml2 - security update
2015-10-25 00:00:00
CVE-2016-9597
2018-07-30 14:29:02
nessus
nessus
Debian DLA-355-1 : libxml2 security update
2015-11-30 00:00:00
AIX 7.1 TL 4 : bos.rte.control (U868931)
2016-05-19 00:00:00
AIX 5.3 TL 12 : libxml2 (IV80617)
2016-02-23 00:00:00
ibm
ibm
aix
aix
Vulnerabilities in LibXML2 affect AIX,Vulnerabilities in LibXML2 affect VIOS
2016-02-22 08:06:13
prion
prion
Heap overflow
2015-12-15 21:59:00
Heap overflow
2015-12-15 21:59:00
Design/Logic Flaw
2016-07-22 02:59:00
veracode
veracode
Out-of-Bounds Read
2018-08-01 07:17:57
Denial Of Service (DoS)
2018-08-01 07:37:06
Denial Of Service (DoS)
2019-05-02 05:51:46
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
redhat
redhat
(RHSA-2015:2549) Moderate: libxml2 security update
2015-12-07 00:00:00
(RHSA-2015:2550) Moderate: libxml2 security update
2015-12-07 10:04:33
oraclelinux
oraclelinux
libxml2 security update
2015-12-07 00:00:00
libxml2 security update
2015-12-07 00:00:00
centos
centos
libxml2 security update
2015-12-07 13:26:33
libxml2 security update
2015-12-07 20:38:05
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2015-11-02 23:21:29
Updated libxml2 packages fix security vulnerabilities
2015-11-26 23:47:39
debian
debian
[SECURITY] [DLA 334-1] libxml2 security update
2015-10-25 17:15:30
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:37
f5
f5
K61570943 : Multiple libXML2 vulnerabilities
2016-02-15 00:00:00
SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942
2016-02-15 00:00:00
amazon
amazon
Medium: libxml2
2015-12-14 10:00:00
Medium: libxml2
2019-05-29 19:14:00
cloudfoundry
cloudfoundry
USN-2834-1 libxml2 vulnerability | Cloud Foundry
2016-01-07 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2015-12-14 00:00:00
libxml2 vulnerabilities
2015-11-16 00:00:00
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2
2015-12-14 21:00:00
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2015-04-13 21:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
2016-02-17 04:26:04
[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23
2016-02-17 04:02:04
[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22
2015-11-30 23:26:43
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2015-11-20 00:00:00
suse
suse
Security update for sles12-docker-image (important)
2016-03-16 15:28:52
archlinux
archlinux
libxml2: multiple issues
2015-12-09 00:00:00
apple
apple
About the security content of iCloud for Windows 5.2.1 - Apple Support
2017-06-10 11:43:45
About the security content of iTunes 12.4.2 for Windows - Apple Support
2017-06-10 11:47:52
About the security content of iCloud for Windows 5.2.1
2016-07-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.1%
Related for DEBIAN:DLA-355-1:F71E7