Errata overview
Errata ID 399
Date 2016-02-05
Source package libxml2
Fixed in version 2.8.0+dfsg1-7.52.201601281723
Description
A remote attacker could provide a specially crafted XML or HTML file
that, when processed by an application using libxml2, would cause
that application to use an excessive amount of CPU, leak potentially
sensitive information, or crash.
This update addresses the following issue(s):
* Denial of service processing a crafted XML document (CVE-2015-1819)
* Out-of-bounds memory access (CVE-2015-7941)
* Heap-buffer-overflow in xmlParseConditionalSections (CVE-2015-7942)
* Denial of service if xz is enabled (CVE-2015-8035)
* Denial of service (CPU consumption) in xmlStringLenDecodeEntities
  when processing specially crafted XML input (CVE-2015-5312)
* Denial of service due to heap-based buffer overflow in
  xmlDictComputeFastQKey (CVE-2015-7497)
* Denial of service due to heap-based buffer overflow in
  xmlParseXmlDecl (CVE-2015-7498)
* Information disclosure due to heap-based buffer overflow in
  xmlGROW (CVE-2015-7499)
* Denial of service due to out-of-bounds heap read in xmlParseMisc
  (CVE-2015-7500)
* Denial of service (heap-based buffer over-read and application
  crash) via crafted XML data due to a buffer over-read in the XML
  parser in xmlNextChar (CVE-2015-8241)
* Out-of-bounds heap read when parsing a file with an unfinished XML
  declaration (CVE-2015-8317)
Additional notes
CVE ID CVE-2015-1819
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-8241
CVE-2015-8317
UCS Bug number #38907