Lucene search
DebianDEBIAN:DLA-151-1:ED039HistoryFeb 07, 2015 - 4:07 p.m.
[SECURITY] [DLA 151-1] libxml2 security update
2015-02-0716:07:17
lists.debian.org
16
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.9
Confidence
Low
EPSS
0.024
Percentile
90.1%
Package : libxml2
Version : 2.7.8.dfsg-2+squeeze11
CVE ID : CVE-2014-0191 CVE-2014-3660
Debian Bug : 768089
It was discovered that the update released for libxml2 in DSA 2978 fixing
CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external
entities regardless of whether entity substitution or validation is
enabled.
In addition, this update addresses a regression introduced in DSA 3057 by
the patch fixing CVE-2014-3660. This caused libxml2 to not parse an
entity when it's used first in another entity referenced from an
attribute value.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | i386 | libxml2-utils | < 2.9.1+dfsg1-5 | libxml2-utils_2.9.1+dfsg1-5_i386.deb |
| Debian | 7 | powerpc | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_powerpc.deb |
| Debian | 7 | ia64 | libxml2-utils-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy3_ia64.deb |
| Debian | 8 | kfreebsd-i386 | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_kfreebsd-i386.deb |
| Debian | 8 | i386 | libxml2-dbg | < 2.9.1+dfsg1-5 | libxml2-dbg_2.9.1+dfsg1-5_i386.deb |
| Debian | 8 | mips | python-libxml2 | < 2.9.1+dfsg1-5 | python-libxml2_2.9.1+dfsg1-5_mips.deb |
| Debian | 7 | amd64 | libxml2 | < 2.8.0+dfsg1-7+wheezy3 | libxml2_2.8.0+dfsg1-7+wheezy3_amd64.deb |
| Debian | 7 | s390x | libxml2-dbg | < 2.8.0+dfsg1-7+wheezy3 | libxml2-dbg_2.8.0+dfsg1-7+wheezy3_s390x.deb |
| Debian | 6 | i386 | libxml2-utils | < 2.7.8.dfsg-2+squeeze11 | libxml2-utils_2.7.8.dfsg-2+squeeze11_i386.deb |
| Debian | 8 | mipsel | libxml2-utils-dbg | < 2.9.1+dfsg1-5 | libxml2-utils-dbg_2.9.1+dfsg1-5_mipsel.deb |
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2015-0749)
2015-10-06 00:00:00
Fedora Update for libxml2 FEDORA-2015-4658
2015-04-08 00:00:00
Fedora Update for libxml2 FEDORA-2015-4719
2015-04-12 00:00:00
ibm
ibm
fedora
fedora
[SECURITY] Fedora 21 Update: libxml2-2.9.1-7.fc21
2015-04-07 07:30:19
[SECURITY] Fedora 20 Update: libxml2-2.9.1-4.fc20
2015-04-11 09:07:39
[SECURITY] Fedora 20 Update: mingw-libxml2-2.9.2-1.fc20
2015-01-02 05:01:49
osv
osv
libxml2 - security update
2015-02-07 00:00:00
libxml2 - security update
2014-07-11 00:00:00
libxml2 - security update
2014-10-29 00:00:00
nessus
nessus
Debian DLA-80-1 : libxml2 security update
2015-03-26 00:00:00
Fedora 20 : libxml2-2.9.1-4.fc20 (2015-4719)
2015-04-13 00:00:00
Debian DLA-151-1 : libxml2 security update
2015-03-26 00:00:00
debian
debian
[SECURITY] [DLA 80-1] libxml2 security update
2014-10-29 21:33:56
[SECURITY] [DSA 2978-2] libxml2 security update
2015-02-06 22:40:48
[DLA-0016-1] libxml2 security update
2014-07-19 15:07:28
archlinux
archlinux
libxml2: Denial of service
2014-10-24 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2015-03-30 00:00:00
libxml2 security update
2014-11-20 00:00:00
libxml2 security update
2014-10-16 00:00:00
freebsd
freebsd
libxml2 -- entity substitution DoS
2013-12-03 00:00:00
libxml2 -- Denial of service
2014-10-16 00:00:00
redhat
redhat
(RHSA-2015:0749) Moderate: libxml2 security update
2015-03-30 00:00:00
(RHSA-2014:1885) Moderate: libxml2 security update
2014-11-20 00:00:00
(RHSA-2014:1655) Moderate: libxml2 security update
2014-10-16 00:00:00
centos
centos
libxml2 security update
2015-04-01 03:26:34
libxml2 security update
2014-10-21 15:08:38
libxml2 security update
2014-11-20 21:10:50
debiancve
debiancve
mageia
mageia
Updated libxml2 packages fix CVE-2014-0191
2014-05-10 23:46:24
Updated libxml2 packages fix security vulnerability
2014-10-23 17:27:57
Updated kdelibs4 packages fix security vulnerability and various bugs
2014-08-12 13:16:46
prion
prion
Design/Logic Flaw
2015-01-21 14:59:00
Privilege escalation
2014-11-04 16:55:00
Code injection
2015-12-15 21:59:00
veracode
veracode
XML External Entities (XXE)
2018-08-06 02:11:43
Denial Of Service (DoS)
2018-08-13 07:27:07
Denial Of Service (DoS)
2019-01-15 09:02:26
ubuntucve
ubuntucve
securityvulns
securityvulns
libxml2 DoS
2014-05-07 00:00:00
libxml DoS
2014-10-27 00:00:00
[ MDVSA-2014:204 ] libxml2
2014-10-27 00:00:00
gentoo
gentoo
libxml2: Denial of service
2014-09-19 00:00:00
libxml2: Denial of service
2014-12-10 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2014-05-15 00:00:00
libxml2 vulnerability
2014-10-27 00:00:00
nvd
nvd
cve
cve
amazon
amazon
Medium: libxml2
2014-05-21 10:31:00
Medium: libxml2
2014-11-11 10:26:00
cvelist
cvelist
aix
aix
AIX libxml2 vulnerability,VIOS libxml2 vulnerability
2014-08-15 10:26:30
f5
f5
K15872 : libxml2 vulnerability CVE-2014-3660
2015-09-16 00:00:00
SOL15872 - libxml2 vulnerability CVE-2014-3660
2014-12-04 00:00:00
exploitpack
exploitpack
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
exploitdb
exploitdb
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
github
github
Nokogiri subject to DoS via libxml2 vulnerability
2018-08-21 19:03:04
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.9
Confidence
Low
EPSS
0.024
Percentile
90.1%
Related for DEBIAN:DLA-151-1:ED039