[arch-security] [ASA-201605-27] libxml2: multiple issues
Arch Linux Security Advisory ASA-201605-27
==========================================

Severity: High
Date    : 2016-05-26
CVE-ID  : CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835
          CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839
          CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483
Package : libxml2
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libxml2 before version 2.9.4+0+gbdec218-2 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.

Resolution
==========

Upgrade to 2.9.4+0+gbdec218-2.

# pacman -Syu "libxml2>=2.9.4+0+gbdec218-2"

The problems have been fixed upstream in version 2.9.4.

Workaround
==========

None.

Description
===========

- CVE-2016-1762 (denial of service)

A vulnerability has been discovered that allows remote attackers to
cause a denial of service (memory corruption) via a crafted XML
document.

- CVE-2016-1833 (denial of service)

A maliciously crafted file could cause the application to crash due to
a heap-based out-of-bounds memory read.

- CVE-2016-1834 (arbitrary code execution)

It has been discovered that a heap buffer overflow could happen in
xmlStrncat.

- CVE-2016-1835 (arbitrary code execution)

It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in
xmlSAX2AttributeNs.

- CVE-2016-1836 (arbitrary code execution)

It has been discovered that a heap use-after-free can happen in
xmlDictComputeFastKey.

- CVE-2016-1837 (arbitrary code execution)

It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemLiteral.

- CVE-2016-1838 (denial of service)

It has been discovered that a heap-based buffer overread could happen
in xmlParserPrintFileContextInternal.

- CVE-2016-1839 (denial of service)

It has been discovered that a heap-based buffer overread could happen
in xmlDictAddString.

- CVE-2016-1840 (arbitrary code execution)

It has been discovered that a heap buffer overflow could happen in
xmlFAParsePosCharGroup.

- CVE-2016-3627 (denial of service)

A vulnerability was found in the way libxml2 parses certain files. With
libxml2 in recovery mode, a maliciously crafted file could cause
libxml2 to crash.

- CVE-2016-3705 (arbitrary code execution)

It is possible to trigger a stack overflow using a carefully crafted
invalid XML file; the stack overflow occurs before libxml2 determines
that the XML file is invalid.

- CVE-2016-4483 (denial of service)

It has been discovered that parsing a maliciously crafted XML file
could cause the application to crash if recover mode is used.

Impact
======

A remote attacker is able to use a carefully crafted XML file that,
when processed, leads to denial of service or arbitrary code
execution.

References
==========

https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4483

Levente Polyak