Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-7376 Descriptio...

Ubuntu: Security Advisory (USN-3424-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2701-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1089)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1070)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities

Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7376 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the incorrect limit used when calculating the port val...

CVE-2017-7376

CVE-2017-7376 is described in the connected IBM bulletin as a buffer overflow in libxml2 that allows remote code execution by exploiting an incorrect limit for port values when handling redirects. The provided documents confirm the existence of this vulnerability and its impact on libxml2, but do...

Debian: Security Advisory (DLA-1060-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

USN-3424-1: libxml2 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code...

Remote Code Execution (RCE)

The nokogiri gem is susceptible to Remote Code Execution RCE. These vulnerabilities are possible because the gem contains a version of the libxml2 C package which is affected by CVE-2017-7375 and CVE-2017-7376 respectively. These vulnerabilities allow a malicious user to pass a XML file to execut...

Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-3424-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3424-1 advisory. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause...

[SECURITY] [DSA 3952-1] libxml2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3952-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 23, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3952-1] libxml2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3952-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 23, 2017 https://www.debian.org/security/faq -...

Debian DLA-1060-1 : libxml2 security update

CVE-2017-0663 Invalid casting of different structs could enable an attacker to remotely execute some code within the context of an unprivileged process. CVE-2017-7376 Incorrect limit used for port values. For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy9. We...

[SECURITY] [DLA 1060-1] libxml2 security update

Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy9 CVE ID : CVE-2017-0663 CVE-2017-7376 CVE-2017-0663 Invalid casting of different structs could enable an attacker to remotely execute some code within the context of an unprivileged process. CVE-2017-7376 Incorrect limit used for port values. For...

openSUSE Security Update : libxml2 (openSUSE-2017-793)

This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-7376: Increase buffer space for port in HTTP redirect support bsc1044887 - CVE-2017-7375: Prevent unwanted external entity reference bsc1044894 This update was imported from the SUSE:SLE-12-SP2:Update update...

SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1743-1)

This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-7376: Increase buffer space for port in HTTP redirect support bsc1044887 - CVE-2017-7375: Prevent unwanted external entity reference bsc1044894, Note that Tenable Network Security has extracted the preceding...

CVE-2017-7376

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects...