FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- multiple vulnerabilities

Affected packages
libxml2 < 2.9.3

Details

VuXML ID e5423caf-8fb8-11e5-918c-bcaec565249c
Discovery 2015-11-20
Entry 2015-11-20

reports:

CVE-2015-5312 Another entity expansion issue (David Drysdale).

CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey (David Drysdale).

CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard).

CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser (Daniel Veillard).

CVE-2015-7499 (2) Detect incoherency on GROW (Daniel Veillard).

CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard).

CVE-2015-7941 (1) Stop parsing on entities boundaries errors (Daniel Veillard).

CVE-2015-7941 (2) Cleanup conditional section error handling (Daniel Veillard).

CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard).

CVE-2015-7942 (2) Fix an error in previous Conditional section patch (Daniel Veillard).

CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard).

CVE-2015-8242 Buffer overread with HTML parser in push mode (Hugh Davenport).

References

CVE Name CVE-2015-5312
CVE Name CVE-2015-7497
CVE Name CVE-2015-7498
CVE Name CVE-2015-7499
CVE Name CVE-2015-7500
CVE Name CVE-2015-7941
CVE Name CVE-2015-7942
CVE Name CVE-2015-8035
CVE Name CVE-2015-8241
CVE Name CVE-2015-8242
URL http://www.openwall.com/lists/oss-security/2015/11/18/23
URL http://xmlsoft.org/news.html