IBM MQ Appliance has addressed multiple libxml2 vulnerabilities.
CVEID:CVE-2015-8035
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xz_decomp function. By using specially-crafted XML data, a local attacker could exploit this vulnerability to cause the process to hang.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/107845 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2017-15412
**DESCRIPTION:**Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted website, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/136046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID:CVE-2017-18258
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by a flaw in the xz_head function in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/141432 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2018-14567
**DESCRIPTION:**libxml2 is vulnerable to a denial of service, caused by an error in xzlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148541 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM MQ Appliance | 9.1 LTS |
IBM MQ Appliance | 9.1 CD |
IBM MQ Appliance 9.1 LTS
Apply fixpack 9.1.0.6, or later.
IBM MQ Appliance 9.1 CD
Apply IBM MQ Appliance 9.2, or later.
None