CVE-2009-2416
CVE-2009-2416 is a use-after-free in libxml2 (versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, 2.6.32) and libxml 1.8.17 triggered by crafted Notation/Enumeration attribute types in a DTD; leads to denial of service (application crash). Related CVE-2009-2414 is a stack-growth DoS via deep DTD structures....
CVE-2009-2414
CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
USN-815-1: libxml2 vulnerabilities
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. CVE-2009-2414 ...
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
Debian Security Advisory DSA-1859-1 [email protected] http://www.debian.org/security/ Nico Golde August 10th, 2009 http://www.debian.org/security/faq -...
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
Debian Security Advisory DSA-1859-1 [email protected] http://www.debian.org/security/ Nico Golde August 10th, 2009 http://www.debian.org/security/faq -...
mingw32-libxml2: Stack overflow by parsing root XML element DTD definition
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...
Moderate: Red Hat Security Advisory: libxml and libxml2 security update
Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A...
mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
libxml and libxml2 security update
libxml: 1:1.8.17-9.3 - fix a couple of crash - Resolves: rhbg515226 libxml2: 2.6.26-2.1.2.8.0.1 - Add libxml2-enterprise.patch and update logos in tarball 2.6.26-2.1.2.8 - Fix a couple of crash CVE-2009-2414 and CVE-2009-2416 - Resolves: rhbz515236...
PT-2009-1016 · Xmlsoft +2 · Libxml +3
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10 through 2.6.32 libxml version 1.8.17 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, via crafted Notation or Enumeration attribute types in an...
PT-2009-1015 · Xml +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32 libxml version 1.8.17 libxml2 versions prior to 2.7.3 Description: The issue is related to a stack consumption vulnerability in libxml2, allowing context-dependent attackers to cause...
DSA-1859-1 libxml2 - several issues
Bulletin has no description...
VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages
a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be...
VMSA-2008-0017 : Updated ESX packages for libxml2, ucd-snmp, libtiff
a. Updated ESX Service Console package libxml2 A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. The Common...
openSUSE Security Update : libxml2 (libxml2-314)
libxml2 could run into an endless loop when processing specially crafted XML files CVE-2008-4225 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libxml2-314. The text description of this plugi...