Advisories ยป MGASA-2016-0263

Updated libxml2 packages fix security vulnerability

Publication date: 26 Jul 2016
Modification date: 26 Jul 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1762 , CVE-2016-1834 , CVE-2016-1833 , CVE-2016-1835 , CVE-2016-1836 , CVE-2016-1837 , CVE-2016-1838 , CVE-2016-1839 , CVE-2016-1840 , CVE-2015-8806 , CVE-2016-2073 , CVE-2016-4483 , CVE-2016-4447 , CVE-2016-4448 , CVE-2016-4449

Description

A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application (CVE-2016-1834,
CVE-2016-1840).

Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,  CVE-2015-8806,
CVE-2016-2073, CVE-2016-4483, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449).

The libxml2 package has been updated to version 2.9.4, fixing these issues
and other bugs.

References

SRPMS

5/core