CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

AI Score Confidence : Low
EPSS Percentile : 90.1%

Package : libxml2
Version : 2.7.8.dfsg-2+squeeze11
CVE ID : CVE-2014-0191 CVE-2014-3660
Debian Bug : 768089

It was discovered that the update released for libxml2 in DSA 2978 fixing
CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external
entities regardless of whether entity substitution or validation is
enabled.

In addition, this update addresses a regression introduced in DSA 3057 by
the patch fixing CVE-2014-3660. This caused libxml2 to not parse an
entity when it's used first in another entity referenced from an
attribute value.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 8 | i386 | libxml2-utils | < 2.9.1+dfsg1-5 | libxml2-utils_2.9.1+dfsg1-5_i386.deb |
Debian | 7 | powerpc | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_powerpc.deb |
Debian | 7 | ia64 | libxml2-utils-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy3_ia64.deb |
Debian | 8 | kfreebsd-i386 | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_kfreebsd-i386.deb |
Debian | 8 | i386 | libxml2-dbg | < 2.9.1+dfsg1-5 | libxml2-dbg_2.9.1+dfsg1-5_i386.deb |
Debian | 8 | mips | python-libxml2 | < 2.9.1+dfsg1-5 | python-libxml2_2.9.1+dfsg1-5_mips.deb |
Debian | 7 | amd64 | libxml2 | < 2.8.0+dfsg1-7+wheezy3 | libxml2_2.8.0+dfsg1-7+wheezy3_amd64.deb |
Debian | 7 | s390x | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_s390x.deb |
Debian | 6 | i386 | libxml2-utils | < 2.7.8.dfsg-2+squeeze11 | libxml2-utils_2.7.8.dfsg-2+squeeze11_i386.deb |
Debian | 8 | mipsel | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_mipsel.deb |