Lucene search
SuseOPENSUSE-SU-2016:1594-1HistoryJun 16, 2016 - 1:08 p.m.
Security update for libxml2 (important)
2016-06-1613:08:21
lists.opensuse.org
36
0.033 Low
EPSS
Percentile
90.3%
This update brings libxml2 to version 2.9.4.
These security issues were fixed:
- CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in
recovery mode, allowed context-dependent attackers to cause a denial of
service (infinite recursion, stack consumption, and application crash)
via a crafted XML document (bsc#972335). - CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1834, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981108). - CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document (bsc#981109). - CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981111). - CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981110). - CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840
(bsc#981114). - CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840
(bsc#981112). - CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839
(bsc#981115). - CVE-2016-4483: out-of-bounds read parsing an XML using recover mode
(bnc#978395). - CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981041). - CVE-2016-3705: The (1) xmlParserEntityCheck and (2)
xmlParseAttValueComplex functions in parser.c in libxml2 did not
properly keep track of the recursion depth, which allowed
context-dependent attackers to cause a denial of service (stack
consumption and application crash) via a crafted XML document containing
a large number of nested entity references (bsc#975947). - CVE-2016-1762: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document (bsc#981040).
This non-security issue was fixed:
- bnc#983288: Fix attribute decoding during XML schema validation
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 13.2 | x86_64 | libxml2-2 | < 2.9.4-7.17.1 | libxml2-2-2.9.4-7.17.1.x86_64.rpm |
| openSUSE | 13.2 | x86_64 | libxml2-2-32bit | < 2.9.4-7.17.1 | libxml2-2-32bit-2.9.4-7.17.1.x86_64.rpm |
| openSUSE | 13.2 | x86_64 | libxml2-devel | < 2.9.4-7.17.1 | libxml2-devel-2.9.4-7.17.1.x86_64.rpm |
| openSUSE | 13.2 | i586 | libxml2-2 | < 2.9.4-7.17.1 | libxml2-2-2.9.4-7.17.1.i586.rpm |
| openSUSE | 13.2 | x86_64 | libxml2-tools | < 2.9.4-7.17.1 | libxml2-tools-2.9.4-7.17.1.x86_64.rpm |
| openSUSE | 13.2 | i586 | python-libxml2 | < 2.9.4-7.17.1 | python-libxml2-2.9.4-7.17.1.i586.rpm |
| openSUSE | 13.2 | noarch | libxml2-doc | < 2.9.4-7.17.1 | libxml2-doc-2.9.4-7.17.1.noarch.rpm |
| openSUSE | 13.2 | i586 | libxml2-tools | < 2.9.4-7.17.1 | libxml2-tools-2.9.4-7.17.1.i586.rpm |
| openSUSE | 13.2 | x86_64 | libxml2-debugsource | < 2.9.4-7.17.1 | libxml2-debugsource-2.9.4-7.17.1.x86_64.rpm |
| openSUSE | 13.2 | i586 | libxml2-debugsource | < 2.9.4-7.17.1 | libxml2-debugsource-2.9.4-7.17.1.i586.rpm |
References
bugzilla.suse.com/972335
bugzilla.suse.com/975947
bugzilla.suse.com/978395
bugzilla.suse.com/981040
bugzilla.suse.com/981041
bugzilla.suse.com/981108
bugzilla.suse.com/981109
bugzilla.suse.com/981110
bugzilla.suse.com/981111
bugzilla.suse.com/981112
bugzilla.suse.com/981114
bugzilla.suse.com/981115
bugzilla.suse.com/983288
Related
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
openvas
openvas
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1594-1)
2016-06-17 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-719)
2016-10-26 00:00:00
CentOS Update for libxml2 CESA-2016:1292 centos6
2016-06-24 00:00:00
nessus
nessus
openSUSE Security Update : libxml2 (openSUSE-2016-734)
2016-06-17 00:00:00
FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)
2016-08-29 00:00:00
OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087)
2016-06-24 00:00:00
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
ibm
ibm
debian
debian
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
altlinux
altlinux
centos
centos
libxml2 security update
2016-06-23 15:28:21
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-17 15:08:25
Security update for libxml2 (important)
2016-06-09 18:07:56
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
Updated libxml2 packages fix security vulnerability
2016-05-20 14:38:30
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
osv
osv
redhatcve
redhatcve
prion
prion
Out-of-bounds
2017-04-11 16:59:00
Heap overflow
2016-05-20 10:59:00
Design/Logic Flaw
2016-05-17 14:08:00
debiancve
debiancve
f5
f5
K54225343 : libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
SOL54225343 - libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
K05937379 : libxml2 vulnerability CVE-2016-1837
2016-12-08 00:00:00
ubuntucve
ubuntucve
veracode
veracode
Vulnerable Through Use Of C Library
2017-04-12 01:37:48
Heap-based Buffer Overflow Through Embedded C Dependency
2017-05-17 06:47:14
Denial Of Service (DoS)
2018-05-23 08:03:32
cve
cve
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
hackerone
hackerone
Internet Bug Bounty: Multiple issues in Libxml2 (2.9.2 - 2.9.5)
2017-11-27 06:37:31
zdt
zdt
libxml2 - xmlDictAddString Heap Based Buffer Overread
2016-02-24 00:00:00
libxml2 - xmlParserPrintFileContextInternal Heap Based Buffer Overread
2016-02-24 00:00:00
apple
apple
About the security content of watchOS 2.2.1
2016-05-16 00:00:00
About the security content of watchOS 2.2.1 - Apple Support
2017-01-23 03:54:39
packetstorm
packetstorm
libxml 2.9.2 Stack Overflow
2016-05-03 00:00:00