Important Photon OS Security Update - PHSA-2025-4.0-0821

Updates of 'gobgp', 'libxml2' packages of Photon OS have been released...

MGASA-2025-0139 Updated libxml2 packages fix security vulnerabilities

CVE-2025-32414 Buffer overflow when parsing text streams with Python API CVE-2025-32415 Heap-based Buffer Overflow in xmlSchemaIDCFillNodeTables...

Linux Distros Unpatched Vulnerability : CVE-2016-3705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows...

MGASA-2025-0073 Updated libxml2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free in xmlSchemaIDCFillNodeTables. CVE-2024-56171 Stack-buffer-overflow in xmlSnprintfElements. CVE-2025-24928 Null-deref in xmlPatMatch. CVE-2025-27113...

MGASA-2024-0211 Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459...

Updated libxml2 packages fix a security vulnerability

The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615...

NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Vulnerability (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by a vulnerability: - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forb...

Updated libxml2 packages fix a security vulnerability

Exponential entity expansion attack bypasses all existing protection mechanisms. CVE-2021-3541...

MGASA-2021-0213 Updated libxml2 packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...

MGASA-2020-0271 Updated libxml2 packages fix security vulnerability

Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted...

MGASA-2020-0020 Updated libxml2 packages fix security vulnerability

The updated packages fix a security vulnerability: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs. CVE-2019-19956...

MGASA-2016-0187 Updated libxml2 packages fix security vulnerability

When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack CVE-2016-3627. libxml2 limits the number of recursions an XML...

MGASA-2015-0358 Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: The xmlreader in libxml2 allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack CVE-2015-1819. The libxml2 package has been patched to fix this issue, as well ...

MGASA-2013-0218 Updated libxml2 packages fix CVE-2013-2877

It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service CVE-2013-2877...