[arch-security] [ASA-201605-27] libxml2: multiple issues

Levente Polyak anthraxx at archlinux.org
Thu May 26 17:27:48 UTC 2016


Arch Linux Security Advisory ASA-201605-27
==========================================

Severity: High
Date    : 2016-05-26
CVE-ID  : CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835
          CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839
          CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483
Package : libxml2
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libxml2 before version 2.9.4+0+gbdec218-2 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.

Resolution
==========

Upgrade to 2.9.4+0+gbdec218-2.

# pacman -Syu "libxml2>=2.9.4+0+gbdec218-2"

The problems have been fixed upstream in version 2.9.4.

Workaround
==========

None.

Description
===========

- CVE-2016-1762 (denial of service)

A vulnerability has been discovered that allows remote attackers to
cause a denial of service (memory corruption) via a crafted XML document.

- CVE-2016-1833 (denial of service)

A maliciously crafted file could cause the application to crash due to
a heap-based out-of-bounds memory read.

- CVE-2016-1834 (arbitrary code execution)

It has been discovered that a heap-buffer-overflow could happen in
xmlStrncat.

- CVE-2016-1835 (arbitrary code execution)

It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in xmlSAX2AttributeNs.

- CVE-2016-1836 (arbitrary code execution)

It has been discovered that a heap-use-after free can happen in the
xmlDictComputeFastKey.

- CVE-2016-1837 (arbitrary code execution)

It has been discovered that a maliciously crafted file could cause the
application to crash due to a Heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemiteral.

- CVE-2016-1838 (denial of service)

It has been discovered that a heap-based buffer overread could happen
in xmlParserPrintFileContextInternal

- CVE-2016-1839 (denial of service)

It has been discovered that a heap-based buffer overread could happen
in xmlDictAddString.

- CVE-2016-1840 (arbitrary code execution)

It has been discovered that a heap-buffer overflow could happen in
xmlFAParsePosCharGroup

- CVE-2016-3627 (denial of service)

A vulnerability was found in a way libxml2 parses certain files. With
the libxml2 in recovery mode, a maliciously crafted filed could cause
libxml2 to crash.

- CVE-2016-3705 (arbitrary code execution)

It is possible to trigger a stack overflow using a carefully crafted
invalid XML file, the stack overflow occurs before libxml2 determines
the XML file is invalid.

- CVE-2016-4483 (denial of service)

It has been discovered that parsing a maliciously crafted XML file
could cause the application to crash if recover mode is used.

Impact
======

A remote attacker is able to use a carefully crafted XML file that,
when processed, is leading to denial of service or arbitrary code
execution.

References
==========

https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4483

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160526/5b488cfa/attachment.asc>


More information about the arch-security mailing list