Lucene search

K
vmwareVMwareVMSA-2008-0017
HistoryOct 31, 2008 - 12:00 a.m.

Updated ESX packages for libxml2, ucd-snmp, libtiff

2008-10-3100:00:00
www.vmware.com
30

EPSS

0.97

Percentile

99.8%

a. Updated ESX Service Console package libxml2

A denial of service flaw was found in the way libxml2 processes
certain content. If an application that is linked against
libxml2 processes malformed XML content, the XML content might
cause the application to stop responding.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3281 to this issue.
Additionally the following was also fixed, but was missing in the
security advisory.
A heap-based buffer overflow flaw was found in the way libxml2
handled long XML entity names. If an application linked against
libxml2 processed untrusted malformed XML content, it could cause
the application to crash or, possibly, execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3529 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.