- Document libxml2 -- multiple vulnerabilities

This commit is contained in:
Thomas Abthorpe 2008-11-19 21:07:47 +00:00
parent 1badbdfada
commit 592e12bfdd
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=223060

View file

@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="f1e0164e-b67b-11dd-a55e-00163e000016">
<topic>libxml2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.6.32_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/Advisories/32773/">
<p>Two vulnerabilities have been reported in Libxml2, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
to potentially compromise an application using the library.</p>
<p>1) An integer overflow error in the "xmlSAX2Characters()" function
can be exploited to trigger a memory corruption via a specially</p>
<p>Successful exploitation may allow execution of arbitrary code, but
requires e.g. that the user is tricked into processing an overly
large XML file (2GB or more).</p>
<p>2) An integer overflow error in the "xmlBufferResize()" function
can be exploited to trigger the execution of an infinite loop.
The vulnerabilities are reported in version 2.7.2.</p>
<p>Other versions may also be affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-4225</cvename>
<cvename>CVE-2008-4226</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=470466</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=470480</url>
<url>http://secunia.com/Advisories/32773/</url>
</references>
<dates>
<discovery>2008-11-18</discovery>
<entry>2008-11-19</entry>
</dates>
</vuln>
<vuln vid="937adf01-b64a-11dd-a55e-00163e000016">
<topic>openfire -- multiple vulnerabilities</topic>
<affects>