libxml2-2.7.6-20.1.0.1.AXS4
Errata ID: AXSA:2016-021:01
Security issues fixed with this release:
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which
allows context-dependent attackers to cause a denial of service
(out-of-bounds read and libxml2 crash) via crafted XML data to the (1)
xmlParseEntityDecl or (2) xmlParseConditionalSections function in
parser.c, as demonstrated by non-terminated entities.
CVE-2015-7942
The xmlParseConditionalSections function in parser.c in libxml2 does
not properly skip intermediary entities when it stops parsing invalid
input, which allows context-dependent attackers to cause a denial of
service (out-of-bounds read and crash) via crafted XML data, a
different vulnerability than CVE-2015-7941.
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
Update packages.
CVE-2015-5312
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2015-7497
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-7498
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-7500
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
CVE-2015-8241
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8242
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8317
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
N/A
SRPMS
- libxml2-2.7.6-20.1.0.1.AXS4.src.rpm
MD5: f3da49679e252b38712daf6a0be3b2ae
SHA-256: 9d6786ac19e183f01f425c6f590fb780a75c6bd1e0852f07cf1b0c7a2ff07ca9
Size: 4.69 MB
Asianux Server 4 for x86
- libxml2-2.7.6-20.1.0.1.AXS4.i686.rpm
MD5: c1b715f8278532bbecccff89389696cc
SHA-256: bcfc08193c24a597bb5a6b7efdfac79485c39e16f72b157ccc88cbecbc782a62
Size: 802.54 kB
- libxml2-devel-2.7.6-20.1.0.1.AXS4.i686.rpm
MD5: 423f455a895cb3e20751c5ae8ef2d374
SHA-256: 8f568d1a6d65c506d9b0701b1cf9004bcecd635457725fb5307527dd51297fec
Size: 1.06 MB
- libxml2-python-2.7.6-20.1.0.1.AXS4.i686.rpm
MD5: f3a54a44651f513dfbd4401064b3017c
SHA-256: e07199e8c2b241207a1869d1a5d778ddbfa2b5650b104fe0121012011583d2c7
Size: 315.73 kB
Asianux Server 4 for x86_64
- libxml2-2.7.6-20.1.0.1.AXS4.x86_64.rpm
MD5: 7f84bf996f318c7c77d0ceee8e63cd1e
SHA-256: 6335da44f0a1feed89f11469453cb1299b6bdd5d19fa63f3c31943d2ca31be8c
Size: 801.91 kB
- libxml2-devel-2.7.6-20.1.0.1.AXS4.x86_64.rpm
MD5: 0d1fc8d84b7a9b7c140a3e883a3cd165
SHA-256: a70402e2a8297c98264548310f3fc78c305ca01c6429935aa968e42569029fc5
Size: 1.06 MB
- libxml2-python-2.7.6-20.1.0.1.AXS4.x86_64.rpm
MD5: 29d7c4c905e8cf3bbe29da1e428c8253
SHA-256: 6d60a436be3f0015be5fe7faec9e2bcdcce29e98d14d8618c42c2624448ebb4a
Size: 322.19 kB
- libxml2-2.7.6-20.1.0.1.AXS4.i686.rpm
MD5: c1b715f8278532bbecccff89389696cc
SHA-256: bcfc08193c24a597bb5a6b7efdfac79485c39e16f72b157ccc88cbecbc782a62
Size: 802.54 kB
- libxml2-devel-2.7.6-20.1.0.1.AXS4.i686.rpm
MD5: 423f455a895cb3e20751c5ae8ef2d374
SHA-256: 8f568d1a6d65c506d9b0701b1cf9004bcecd635457725fb5307527dd51297fec
Size: 1.06 MB