Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:853E5589D5EE11B72526D65C16FA38B8
HistoryFeb 20, 2020 - 12:00 a.m.

USN-4274-1: libxml2 vulnerabilities | Cloud Foundry

2020-02-2000:00:00
Cloud Foundry
www.cloudfoundry.org
19

0.006 Low

EPSS

Percentile

78.5%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04
  • Canonical Ubuntu 16.04
  • Canonical Ubuntu 18.04

Description

It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)

CVEs contained in this USN include: CVE-2019-19956, CVE-2020-7595.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs3
    • All versions prior to 0.163.0
  • Xenial Stemcells
    • 621.x versions prior to 621.57
    • 456.x versions prior to 456.98
    • 315.x versions prior to 315.169
    • 250.x versions prior to 250.183
    • 170.x versions prior to 170.203
    • 97.x versions prior to 97.232
    • All other stemcells not listed.
  • CF Deployment 
    •   * All versions prior to v12.33.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs3
  • *       * Upgrade All versions to 0.163.0 or greater
  • Xenial Stemcells
    • Upgrade 621.x versions to 621.57 or greater
    • Upgrade 456.x versions to 456.98 or greater
    • Upgrade 315.x versions to 315.169 or greater
    • Upgrade 250.x versions to 250.183 or greater
    • Upgrade 170.x versions to 170.203 or greater
    • Upgrade 97.x versions to 97.232 or greater
    • All other stemcells should be upgraded to the latest version available on bosh.io.
  • CF Deployment
    • Upgrade All versions to v12.33.0 or greater

References

History

2020-02-10: Initial vulnerability report published.

Related

nessus 50
openvas 30
ics 2
ubuntu 1
fedora 5
redhat 22
oraclelinux 2
ibm 10
photon 6
centos 1
amazon 2
almalinux 1
suse 2
mageia 3
cvelist 2
alpinelinux 2
cve 2
prion 2
redhatcve 2
ubuntucve 2
veracode 2
debiancve 2
nvd 2
osv 6
debian 2
cbl_mariner 1
github 2
f5 1
rubygems 1
gentoo 1
archlinux 1
altlinux 2
freebsd 2
tenable 1
oracle 5
nessus
nessus
Photon OS 1.0: Libxml2 PHSA-2020-1.0-0271
2020-02-06 00:00:00
Photon OS 3.0: Libxml2 PHSA-2020-3.0-0055
2020-02-06 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : libxml2 vulnerabilities (USN-4274-1)
2020-02-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4274-1)
2020-02-11 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1670)
2020-06-16 00:00:00
Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7694e8be73)
2020-05-02 00:00:00
ics
ics
Siemens SINEMA Remote Connect Server
2021-04-13 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2020-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32
2020-05-01 04:08:08
[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30
2020-04-30 02:51:35
[SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31
2020-09-19 22:45:29
redhat
redhat
(RHSA-2020:4479) Moderate: libxml2 security update
2020-11-03 12:08:23
(RHSA-2020:3996) Moderate: libxml2 security and bug fix update
2020-09-29 07:49:53
(RHSA-2020:2646) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
2020-06-22 13:04:38
oraclelinux
oraclelinux
libxml2 security and bug fix update
2020-10-06 00:00:00
libxml2 security update
2020-11-10 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by libxml2 vulnerabilities (CVE-2019-19956, CVE-2019-20388, CVE-2020-7595)
2021-01-20 12:25:59
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Libxml2
2023-12-07 22:45:08
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by vulnerabilities in libxml2
2021-06-21 20:35:29
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0271
2020-02-05 00:00:00
Important Photon OS Security Update - PHSA-2020-0271
2020-02-05 00:00:00
Important Photon OS Security Update - PHSA-2020-0203
2020-01-30 00:00:00
centos
centos
libxml2 security update
2020-10-20 18:27:26
amazon
amazon
Medium: libxml2
2020-10-26 18:09:00
Medium: libxml2
2020-10-22 18:25:00
almalinux
almalinux
Moderate: libxml2 security update
2020-11-03 12:08:23
suse
suse
Security update for libxml2 (moderate)
2020-05-23 00:00:00
Security update for libxml2 (moderate)
2020-06-08 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2020-07-05 01:47:21
Updated libxml2 packages fix security vulnerability
2020-01-05 18:37:51
Updated libxml2_2 packages fix security vulnerabilities
2020-02-25 00:44:46
cvelist
cvelist
CVE-2019-19956
2019-12-24 15:12:57
CVE-2020-7595
2020-01-21 22:54:14
alpinelinux
alpinelinux
CVE-2019-19956
2019-12-24 16:15:11
CVE-2020-7595
2020-01-21 23:15:13
cve
cve
CVE-2019-19956
2019-12-24 16:15:11
CVE-2020-7595
2020-01-21 23:15:13
prion
prion
Memory corruption
2019-12-24 16:15:00
Design/Logic Flaw
2020-01-21 23:15:00
redhatcve
redhatcve
CVE-2019-19956
2020-01-08 09:59:17
CVE-2020-7595
2020-02-06 19:14:18
ubuntucve
ubuntucve
CVE-2019-19956
2019-12-24 00:00:00
CVE-2020-7595
2020-01-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-01-21 03:40:01
Denial Of Service (DoS)
2020-01-22 13:00:16
debiancve
debiancve
CVE-2019-19956
2019-12-24 16:15:11
CVE-2020-7595
2020-01-21 23:15:13
nvd
nvd
CVE-2019-19956
2019-12-24 16:15:11
CVE-2020-7595
2020-01-21 23:15:13
osv
osv
libxml2 - security update
2019-12-28 00:00:00
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
2020-02-24 19:12:36
libxml2 - security update
2020-09-09 00:00:00
debian
debian
[SECURITY] [DLA 2048-1] libxml2 security update
2019-12-28 17:59:43
[SECURITY] [DLA 2369-1] libxml2 security update
2020-09-09 22:41:50
cbl_mariner
cbl_mariner
CVE-2020-7595 affecting package libxml2 2.9.10-4
2020-10-08 18:09:52
github
github
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
2020-02-24 19:12:36
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
2021-05-17 20:52:05
f5
f5
K04460334 : libxml2 2.9.10 vulnerability CVE-2020-7595
2021-04-16 00:00:00
rubygems
rubygems
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
2020-02-11 21:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2020-10-20 00:00:00
archlinux
archlinux
[ASA-202011-15] libxml2: multiple issues
2020-11-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.10-alt4
2020-11-06 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt4
2020-11-09 00:00:00
freebsd
freebsd
libxml -- multiple vulnerabilities
2020-01-21 00:00:00
Gitlab -- Multiple Vulnerabilities
2020-04-30 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00

0.006 Low

EPSS

Percentile

78.5%

JSON
Related for CFOUNDRY:853E5589D5EE11B72526D65C16FA38B8
nessus50openvas30ics2ubuntu1fedora5redhat22oraclelinux2ibm10photon6centos1amazon2almalinux1suse2mageia3cvelist2alpinelinux2cve2prion2redhatcve2ubuntucve2veracode2debiancve2nvd2osv6debian2cbl_mariner1github2f51rubygems1gentoo1archlinux1altlinux2freebsd2tenable1oracle5