|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for libxml2 (DLA-2369-1)|
|Summary:||The remote host is missing an update for the 'libxml2'; package(s) announced via the DLA-2369-1 advisory.|
The remote host is missing an update for the 'libxml2'
package(s) announced via the DLA-2369-1 advisory.
Several security vulnerabilities were corrected in libxml2, the GNOME
Global buffer-overflow in the htmlParseTryOrFinish function.
The xz_head function in libxml2 allows remote attackers to cause a
denial of service (memory consumption) via a crafted LZMA file,
because the decoder functionality does not restrict memory usage to
what is required for a legitimate file.
A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an
invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs may be
vulnerable to a denial of service attack.
If the option --with-lzma is used, allows remote attackers to cause
a denial of service (infinite loop) via a crafted XML file.
The xmlParseBalancedChunkMemoryRecover function has a memory leak
related to newDoc->oldNs.
A memory leak was found in the xmlSchemaValidateStream function of
libxml2. Applications that use this library may be vulnerable to
memory not being freed leading to a denial of service.
Infinite loop in xmlStringLenDecodeEntities can cause a denial of
Out-of-bounds read restricted to xmllint --htmlout.
'libxml2' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your libxml2 packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-8872|
Common Vulnerability Exposure (CVE) ID: CVE-2020-7595
SuSE Security Announcement: openSUSE-SU-2020:0681 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.