Lucene search

K
mageiaGentoo FoundationMGASA-2015-0457
HistoryNov 26, 2015 - 11:47 p.m.

Updated libxml2 packages fix security vulnerabilities

2015-11-2623:47:39
Gentoo Foundation
advisories.mageia.org
19

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service (CVE-2015-5312). In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to randomize the dictionary key generation, causing a heap buffer overflow in xmlDictComputeFastQKey (CVE-2015-7497). In libxml2 before 2.9.3, after encoding conversion failures, the parser was continuing to process to extract more errors, which can potentially lead to unexpected behaviour (CVE-2015-7498). In libxml2 before 2.9.3, the parser failed to detect a case where the current pointer to the input was out of range, leaving it in an incoherent state (CVE-2015-7499). In libxml2 before 2.9.3, a memory access error could happen while processing a start tag due to incorrect entities boundaries (CVE-2015-7500). In libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra processing of MarkupDecl after EOF has been reached (CVE-2015-8241). In libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push mode (CVE-2015-8242). In libxml2 before 2.9.3, out of bounds heap reads could happen due to failure processing the encoding declaration of the XMLDecl in xmlParseEncodingDecl (CVE-2015-8317). In libxml2 before 2.9.3, out of bounds memory access via unclosed html comment (CVE-2015-8710).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchlibxml2< 2.9.3-1libxml2-2.9.3-1.mga5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.8%