Fedora 28 : php (2018-b6072889db)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 29 : php (2018-791c3cfe21)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 27 : php (2018-25100b492c)

PHP version 7.1.22 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk Apache2: - Fixed bug php76582 Apache bucket brigade sometimes becomes invalid. stas Bz2: - Fixed arginfo for bzcompress...

GHSA-Q7WX-62R7-J2X7 Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

DEBIAN-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

PT-2018-2348

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.9 Description The issue is related to a NULL pointer dereference vulnerability in the xpath.c:xmlXPathCompOpEval function of libxml2. This vulnerability can be exploited by a remote attacker, allowing them to caus...

Security Bulletin: Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-5600, CVE-2015-7183, CVE-2015-7181, CVE-2015-7182)

Summary Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the...

Security Bulletin: Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2015-1819, CVE-2015-3238, CVE-2015-5600 and others. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by...

Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1819)

Summary IBM Security Access Manager for Mobile is affected by a denial of service vulnerability in libxml2. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreader when processing XM...

Security Bulletin: A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819)

Summary The Libxml library is a development toolbox providing the implementation of various XML standards. A security vulnerability has been discovered in Libxml used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of...

Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819)

Summary IBM DataPower Gateways has addressed a vulnerability in parsing certain XML files that could cause a denial of service. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreade...

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consum...

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.5. Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause...

SUSE SLES11 Security Update : perl-XML-LibXML (SUSE-SU-2018:0170-1)

This update for perl-XML-LibXML fixes the following issues : - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848 Note that Tenable Network Security has extracted the preceding description...

SUSE-SU-2018:0170-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848...

openSUSE Security Update : perl-XML-LibXML (openSUSE-2018-60)

This update for perl-XML-LibXML fixes the following issues : Security issue fixed : - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848. This update was imported from the SUSE:SLE-12:Update upda...

SUSE SLED12 / SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2018:0123-1)

This update for perl-XML-LibXML fixes the following issues: Security issue fixed : - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848. Note that Tenable Network Security has extracted the...

[ASA-201801-15] perl-xml-libxml: arbitrary code execution

Arch Linux Security Advisory ASA-201801-15 ========================================== Severity: High Date : 2018-01-18 CVE-ID : CVE-2017-10672 Package : perl-xml-libxml Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-501 Summary ======= The package...

SUSE-SU-2018:0123-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issues: Security issue fixed: - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848...