[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 373-1] libxml2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxml2
Version        : 2.7.8.dfsg-2+squeeze16
CVE ID         : CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499
                 CVE-2015-7500

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive information, or
crash the application.

CVE-2015-5312: CPU exhaustion when processing specially crafted XML input.
CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey.
CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl.
CVE-2015-7499: Heap-based buffer overflow in xmlGROW.
CVE-2015-7500: Heap buffer overflow in xmlParseMisc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJWfpFYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHJKwP/1xnwIvOK3v0EZZL4eKg0voJ
vAm9Fu1fWOBmj59vBSxN1GHipdeZ5uQK7/fRI8/WgmMlLbEOZ+4c1Jop4D2djKqp
bSTFYeBe7zJBzUZd/gc7gy0Q+xdpBK02s+wGpyAR0nhKdlw/IhwajX1TUMg7RN9r
I+UX966sQDVIJxd1fJBn8PeJ4onpCOcWOfGbRWUxmBDJcdFKqCp1h4ss5kUfAeUa
BV1XdruNBUl50tn8jG/28LACxEnpACbgQTVqEzZ/QpDPnopoUQpc5yvT7P10adSv
3dJJPWKG8tla9XNemJQAIEEGtEYvoOU8W9/Uvn+Vg83CgEMdp3VDtPAyhtaVJmAM
ebcTs/HQzbkYU6J2aCS9r4fNo42BUX05d+fJ6rB0tKIe2mpitlqauJAwGGQcLHri
u7WexIMd4A4koXl7gliooiV/R3g3xd3PGCG02KzRgD+wpgnoiFGgcDzSZ0F+3eM7
HXOBOI7HwAZJWTb9RJjoBrevCsO0fQEXF2Yf69AgAGwkYbwV8SNOAgNspEzKV2/x
UNKSz972UfxHwjKGQmPSPRIhj5iBRxGDSJGLBchVXkctPQVkHwHankt87ssEfNfY
x0ekWbCzGS2bZTtW0DbukNxSumk3pyprsulBmpLy+mUKCtLdUcilHibtHMCZIDkH
Ecok3PDXYABmZKHb12pK
=DJwq
-----END PGP SIGNATURE-----


Reply to: