Lucene search
UbuntuUSN-2214-1HistoryMay 15, 2014 - 12:00 a.m.
libxml2 vulnerability
2014-05-1500:00:00
ubuntu.com
62
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
8.4
Confidence
High
EPSS
0.024
Percentile
90.1%
Releases
- Ubuntu 14.04 ESM
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- libxml2 - GNOME XML library
Details
Daniel Berrange discovered that libxml2 would incorrectly perform entity
substitution even when requested not to. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
possibly cause resource consumption, resulting in a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libxml2-dbg | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libxml2-dev | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libxml2-udeb | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libxml2-utils | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libxml2-utils-dbg | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-libxml2 | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-libxml2-dbg | < 2.9.1+dfsg1-3ubuntu4.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu2.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libxml2-dbg | < 2.9.1+dfsg1-3ubuntu2.1 | UNKNOWN |
References
Related
centos
centos
libxml2 security update
2015-04-01 03:26:34
libxml2 security update
2014-05-19 13:08:11
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-libxml2-2.9.2-1.fc20
2015-01-02 05:01:49
[SECURITY] Fedora 21 Update: mingw-libxml2-2.9.2-1.fc21
2015-01-02 05:01:30
[SECURITY] Fedora 21 Update: libxml2-2.9.1-7.fc21
2015-04-07 07:30:19
debiancve
debiancve
CVE-2014-0191
2015-01-21 14:59:00
ibm
ibm
mageia
mageia
Updated libxml2 packages fix CVE-2014-0191
2014-05-10 23:46:24
Updated kdelibs4 packages fix security vulnerability and various bugs
2014-08-12 13:16:46
prion
prion
Design/Logic Flaw
2015-01-21 14:59:00
Design/Logic Flaw
2015-01-21 18:59:00
nessus
nessus
Amazon Linux AMI : libxml2 (ALAS-2014-341)
2014-10-12 00:00:00
openSUSE Security Update : libxml2 (openSUSE-SU-2014:0645-1)
2014-06-13 00:00:00
openvas
openvas
CentOS Update for libxml2 CESA-2015:0749 centos7
2015-04-01 00:00:00
Ubuntu: Security Advisory (USN-2214-1)
2014-05-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-341)
2015-09-08 00:00:00
debian
debian
[DLA-0016-1] libxml2 security update
2014-07-19 15:07:28
libxml2 security update
2014-07-19 14:43:46
[SECURITY] [DSA 2978-1] libxml2 security update
2014-07-11 14:29:53
freebsd
freebsd
libxml2 -- entity substitution DoS
2013-12-03 00:00:00
redhat
redhat
(RHSA-2015:0749) Moderate: libxml2 security update
2015-03-30 00:00:00
(RHSA-2014:0513) Moderate: libxml2 security update
2014-05-19 00:00:00
veracode
veracode
XML External Entities (XXE)
2018-08-06 02:11:43
ubuntucve
ubuntucve
CVE-2014-0191
2014-05-07 00:00:00
securityvulns
securityvulns
libxml2 DoS
2014-05-07 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
APPLE-SA-2015-08-13-3 iOS 8.4.1
2015-08-17 00:00:00
gentoo
gentoo
libxml2: Denial of service
2014-09-19 00:00:00
nvd
nvd
cve
cve
amazon
amazon
Medium: libxml2
2014-05-21 10:31:00
cvelist
cvelist
CVE-2014-0191
2015-01-21 02:00:00
CVE-2015-0386
2015-01-21 18:00:00
aix
aix
AIX libxml2 vulnerability,VIOS libxml2 vulnerability
2014-08-15 10:26:30
osv
osv
libxml2 - security update
2015-02-07 00:00:00
libxml2 - security update
2014-07-11 00:00:00
ruby2.2-rubygem-nokogiri-1.6.8.1-1.3 on GA media
2024-06-15 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2014-05-19 00:00:00
libxml2 security update
2015-03-30 00:00:00
libxml2 security update
2015-12-07 00:00:00
archlinux
archlinux
libxml2: Denial of service
2014-10-24 00:00:00
exploitpack
exploitpack
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
exploitdb
exploitdb
eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection
2015-10-30 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
apple
apple
About the security content of Apple TV 7.2.1 - Apple Support
2017-01-23 03:54:31
About the security content of Apple TV 7.2.1
2016-02-25 00:00:00
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
8.4
Confidence
High
EPSS
0.024
Percentile
90.1%
Related for USN-2214-1