Debian: Security Advisory (DLA-3405-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: libxml2

Issue Overview: A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484 libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce...

Amazon Linux 2 : libxml2 (ALAS-2023-2021)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2021 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484...

Debian dla-3405 : libxml2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3405 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3405-1 [email protected]...

[SECURITY] [DLA 3405-1] libxml2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3405-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2023 https://wiki.debian.org/LTS -...

DLA-3405-1 libxml2 - security update

Bulletin has no description...

USN-6028-1: libxml2 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description It was discovered that lixml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

SUSE: Security Advisory (SUSE-SU-2023:2054-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-devel-32bit / etc (SUSE-SU-2023:2053-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2053-1 advisory. - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. -...

SUSE SLES12: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-doc / etc (SUSE-SU-2023:2054-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2054-1 advisory. - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference...

SUSE-SU-2023:2054-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411...

SUSE-SU-2023:2053-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411. The following non-security bug was fixed: - Remove unneeded dependency...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1626)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:2048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2023-1660)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option...

EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-1626)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option...

SUSE SLES15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-tools / etc (SUSE-SU-2023:2048-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2048-1 advisory. - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL point...

SUSE-SU-2023:2048-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411. - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write ...

Denial Of Service (DoS)

libxml2.so is vulnerable to Denial of Service DoS attacks. The vulnerability exists in xmlSchemaFixupComplexType of xmlschemas.c, which allows a remote attacker to trigger a NULL pointer dereference leading to a segmentation fault, causing the application to crash...