CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...

CVE-2013-1969

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to the 1 htmlParseChunk and 2 xmldecldone functions, as demonstrated by a buffer...

CVE-2013-1969

CVE-2013-1969 affects libxml2 (notably 2.9.0 and possibly later) with multiple use-after-free vulnerabilities in parsing code. The advisory describes context-dependent attackers potentially crashing the process or, in some cases, executing arbitrary code via the htmlParseChunk and xmldecl_done pa...

CVE-2013-0338

The vulnerability described (CVE-2013-0338) affects libxml2 2.9.0 and earlier, where an XML file containing an entity declaration with long replacement text and many references can cause a denial of service through entity expansion. This is a context-dependent DoS affecting CPU and memory usage. ...

CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...

CVE-2013-1969

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to the 1 htmlParseChunk and 2 xmldecldone functions, as demonstrated by a buffer...

[SECURITY] Fedora 19 Update: libxml2-2.9.1-1.fc19

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

[SECURITY] Fedora 18 Update: libxml2-2.9.1-1.fc18

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVE-2013-1969

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to the 1 htmlParseChunk and 2 xmldecldone functions, as demonstrated by a buffer...

Fedora Update for libxml2 FEDORA-2013-6110

Check for the Version of libxml2 OpenVAS Vulnerability Test Fedora Update for libxml2 FEDORA-2013-6110 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for libxml2 FEDORA-2013-6110

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 18 : libxml2-2.9.1-1.fc18 (2013-6110)

New upstream release 2.9.1 Fixes a couple of potential security issues and a number of bug Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)

Multiple vulnerabilities was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to...

Fedora Update for libxslt FEDORA-2013-4507

Check for the Version of libxslt OpenVAS Vulnerability Test Fedora Update for libxslt FEDORA-2013-4507 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 18 Update: libxslt-1.1.28-1.fc18

This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine...

[SECURITY] [DSA 2659-1] libapache-mod-security security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2659-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 09, 2013 http://www.debian.org/security/faq -...

libxml2 -- lack of end-of-document check DoS

CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service out-of-bounds read via a document that ends abruptly, related to the lack of certain checks for the XMLPARSEREOF state...

Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability

Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...

DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability

Bulletin has no description...

Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)

Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker,...