- CVEs with nessus.description==This update brings libxml2 to version 2.9.4.
These security issues were fixed:
- CVE-2016-3627: The xmlStringGetNodeList function in
tree.c, when used in recovery mode, allowed
context-dependent attackers to cause a denial of service
(infinite recursion, stack consumption, and application
crash) via a crafted XML document (bsc#972335).
- CVE-2016-1833: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,
CVE-2016-1839, and CVE-2016-1840 (bsc#981108).
- CVE-2016-1835: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document
(bsc#981109).
- CVE-2016-1837: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1834, CVE-2016-1836, CVE-2016-1838,
CVE-2016-1839, and CVE-2016-1840 (bsc#981111).
- CVE-2016-1836: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1834, CVE-2016-1837, CVE-2016-1838,
CVE-2016-1839, and CVE-2016-1840 (bsc#981110).
- CVE-2016-1839: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, and CVE-2016-1840 (bsc#981114).
- CVE-2016-1838: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1839, and CVE-2016-1840 (bsc#981112).
- CVE-2016-1840: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, and CVE-2016-1839 (bsc#981115).
- CVE-2016-4483: out-of-bounds read parsing an XML using
recover mode (bnc#978395).
- CVE-2016-1834: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document, a
different vulnerability than CVE-2016-1833,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,
CVE-2016-1839, and CVE-2016-1840 (bsc#981041).
- CVE-2016-3705: The (1) xmlParserEntityCheck and (2)
xmlParseAttValueComplex functions in parser.c in libxml2
did not properly keep track of the recursion depth,
which allowed context-dependent attackers to cause a
denial of service (stack consumption and application
crash) via a crafted XML document containing a large
number of nested entity references (bsc#975947).
- CVE-2016-1762: libxml2 allowed remote attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via a crafted XML document
(bsc#981040).
This non-security issue was fixed:
- bnc#983288: Fix attribute decoding during XML schema
validation
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |