USN-640-1: libxml2 vulnerability
Andreas Solberg discovered that libxml2 did not handle recursive entities safely. If an application linked against libxml2 were made to process a specially crafted XML document, a remote attacker could exhaust the system's CPU resources, leading to a denial of service...
CVE-2003-1564
CVE-2003-1564 involves the XML parser library (libxml2) and a failure to detect recursion during entity expansion. A crafted XML document with a large number of nested entity references can trigger a denial of service through excessive memory and CPU usage (the classic “billion laughs” scenario)....
CVE-2003-1564
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...
Security fix for the ALT Linux 5 package libxml2 version 1:2.6.32-alt3
Sept. 1, 2008 Alexey Tourbin 1:2.6.32-alt3 - upstream update for CVE-2008-3281 to avoid ABI issues...
Security fix for the ALT Linux 9 package libxml2 version 1:2.6.32-alt3
Sept. 1, 2008 Alexey Tourbin 1:2.6.32-alt3 - upstream update for CVE-2008-3281 to avoid ABI issues...
Code injection
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
DEBIAN-CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...
CVE-2008-3281
libxml2 up to version 2.6.32 is affected by CVE-2008-3281 due to improper detection of recursion during entity expansion in an attribute value, enabling a denial-of-service via crafted XML (memory and CPU consumption). The Gentoo GLSA confirms this, and recommends upgrading to libxml2 >= 2.7.2...
CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0836)
Updated libxml2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 26th August 2008 The original fix used in this errata caused some applications using the libxml2 library in an...
[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service
Debian Security Advisory DSA-1631-2 [email protected] http://www.debian.org/security/ Steve Kemp August 26, 2008 http://www.debian.org/security/faq...
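libxml2 recursive entity remote denial-of-service vulnerability
BUGTRAQ ID: 30783 CVECAN ID: CVE-2008-3281 The libxml2 package provides a library of functions that lets users manipulate XML files, including support for reading, modifying and writing XML and HTML files. When parsing certain XML content, the libxml2 library does not correctly check the recursion depth, so an application using the libxml2 library may exhaust all available memory and CPU resources when processing a specially crafted XML document. XMLSoft Libxml2 2.6.x Vendor patch: Debian ------ Debian has released a security advisory (DSA-1631-1) and the corresponding patches for this issue: DSA-1631-1:New libxml2 packages fix denial of...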
libxml2 security update
CentOS Errata and Security Advisory CESA-2008:0836-02 Updated libxml2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 26th August 2008 The original fix used in this errata caused som...
[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service
Debian Security Advisory DSA-1631-1 [email protected] http://www.debian.org/security/ Steve Kemp August 22, 2008 http://www.debian.org/security/faq...
Debian DSA-1631-2 : libxml2 - denial of service
Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU and memory resources were exhausted. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
libxml2 security update
CentOS Errata and Security Advisory CESA-2008:0836 Updated libxml2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 26th August 2008 The original fix used in this errata caused some...