libxml2-2.7.6-14.1.0.2.AXS4
エラータID: AXSA:2014-350:02
リリース日:
2014/05/22 Thursday - 20:38
題名:
libxml2-2.7.6-14.1.0.2.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libxml2 の parser.c には,正しく終了していないドキュメントによって,リモートの攻撃者がサービス拒否 (境界外の読み込み) を引き起こす脆弱性があります。(CVE-2013-2877)
- 現時点では CVE-2014-0191 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
追加情報:
N/A
ダウンロード:
SRPMS
- libxml2-2.7.6-14.1.0.2.AXS4.src.rpm
MD5: d3ef02ef551e1f0df7c106a56be06476
SHA-256: 3b01b78c505bd0342b2d55f146b4f7ab7bbebf43793bffe51c0b4c0e68d8366a
Size: 4.67 MB
Asianux Server 4 for x86
- libxml2-2.7.6-14.1.0.2.AXS4.i686.rpm
MD5: 5af88ef1ed3d12dbb6a79acf07b0527c
SHA-256: 2291c137c2ae66ec1fb03b931cf9c802c6a85f493b432f4923cb8f7da0b5cf24
Size: 799.84 kB - libxml2-devel-2.7.6-14.1.0.2.AXS4.i686.rpm
MD5: f8cf455813e80b4c17f7f16b31c0c2f7
SHA-256: e415b8309e67edbc49c8d57bcc47afe61fa0fc3d2b0d4960138b05487b22c785
Size: 1.06 MB - libxml2-python-2.7.6-14.1.0.2.AXS4.i686.rpm
MD5: 962349bc168b91cb9435fcb7c42a6c5f
SHA-256: f5b1d12db67a7b9bdcc00db71c919f9a1a09e886fcf201e885e456ededb85d08
Size: 314.13 kB
Asianux Server 4 for x86_64
- libxml2-2.7.6-14.1.0.2.AXS4.x86_64.rpm
MD5: 349733d13533bc7586e60014c3592d8c
SHA-256: c91080d235396b30f584553dd5524234ed53f1f227b2001bb3781778a658b4e5
Size: 799.15 kB - libxml2-devel-2.7.6-14.1.0.2.AXS4.x86_64.rpm
MD5: 95351cd0fc424cbcc3eb7feebe745de5
SHA-256: 8bffc745fcccd7042f000c8b9e055e647dac9cfbcf96f1c771b83ddeb7d897bd
Size: 1.06 MB - libxml2-python-2.7.6-14.1.0.2.AXS4.x86_64.rpm
MD5: bf17e7071fcf1d3877fabffe28590bca
SHA-256: b8dde8bbd1d5e90f62c63150d291db0dccaca79b7079238c2fab21534e6f3b72
Size: 320.61 kB - libxml2-2.7.6-14.1.0.2.AXS4.i686.rpm
MD5: 5af88ef1ed3d12dbb6a79acf07b0527c
SHA-256: 2291c137c2ae66ec1fb03b931cf9c802c6a85f493b432f4923cb8f7da0b5cf24
Size: 799.84 kB - libxml2-devel-2.7.6-14.1.0.2.AXS4.i686.rpm
MD5: f8cf455813e80b4c17f7f16b31c0c2f7
SHA-256: e415b8309e67edbc49c8d57bcc47afe61fa0fc3d2b0d4960138b05487b22c785
Size: 1.06 MB