MGASA-2022-0412 Updated libxml2 packages fix security vulnerability

Integer overflows with XMLPARSEHUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...

libxml2: Incorrect server side include parsing can lead to XSS

A Cross-site scripting XSS vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

RLSA-2022:7715 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS CVE-2016-3709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

ALSA-2022:7715 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS CVE-2016-3709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side include parsing can lead to XSS CVE-2016-3709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2017-18258

Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the images as part of the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to denial of service. This bulletin provides patch information to...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-29824

Summary GNOME libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libxml2 within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution and...

Vulnerabilities fixed in libxml2

Vulnerabilities have been fixed in libxml2. The vulnerabilities allow a remote malicious person to cause a denial-of-service cause. -= Debian =- Debian has made updates to libxml2 available for Debian 11.0 Bullseye to address the vulnerabilities. You can install the custom packages installed by...

Debian: Security Advisory (DSA-5271-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:3871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5271-1 : libxml2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5271 advisory. - Please review the referenced CVE identifiers for details. CVE-2022-40303, CVE-2022-40304 Note that Nessus has not tested for these issues but has instead relied...

[SECURITY] [DSA 5271-1] libxml2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5271-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 05, 2022 https://www.debian.org/security/faq -...

Amazon Linux 2022 : libxml2, libxml2-devel, libxml2-static (ALAS2022-2022-198)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-198 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the...

SUSE SLED15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-devel-32bit / etc (SUSE-SU-2022:3871-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3871-1 advisory. - CVE-2016-3709: Fixed possible XSS vulnerability bsc1201978. - CVE-2022-40303: Fixed integer...

DSA-5271-1 libxml2 - security update

Bulletin has no description...

SUSE-SU-2022:3871-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability bsc1201978. - CVE-2022-40303: Fixed integer overflows with XMLPARSEHUGE bsc1204366. - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles bsc1204367...

CLSA-2022-1667512639 Fix CVE(s): CVE-2016-3709

SECURITY UPDATE: Possible cross-site scripting vulnerability in libxml2 - debian/patches/CVE-2016-3709.patch: Revert commit 960f0e27 that has some problems - CVE-2016-3709 Fix parser termination from "Double hyphen within comment" error...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2017-0663 and loss of confidentiality due to CVE-2017-7375

Summary Libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libxml2 within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution and loss of...