UbuntuUpdates.org

Package "libxml2-utils"

Name: libxml2-utils

Description:

XML utilities

Latest version: 2.9.4+dfsg1-6.1ubuntu1.7
Release: bionic (18.04)
Level: updates
Repository: main
Head package: libxml2
Homepage: http://xmlsoft.org

Other versions of "libxml2-utils" in Bionic

Repository Area Version
base main 2.9.4+dfsg1-6.1ubuntu1
security main 2.9.4+dfsg1-6.1ubuntu1.7

Changelog

Version: 2.9.4+dfsg1-6.1ubuntu1.2 2018-08-14 20:06:34 UTC

  libxml2 (2.9.4+dfsg1-6.1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: XXE attacks
    - debian/patches/CVE-2016-9318.patch: fix in parser.c.
    - CVE-2016-9318
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-18258.patch: fix in xzlib.c.
    - CVE-2017-18258
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14404.patch: fix in xpath.c.
    - CVE-2018-14404
  * SECURITY UPDATE: Infinite loop in LZMA decompression
    - debian/patches/CVE-2018-14567.patch: fix in xzlib.c.
    - CVE-2018-14567
  * SECURITY UPDATE: Infinite recursion/Denial of service
    - debian/patches/CVE-2017-16932.patch: fix in parser.c and
      add some error check files result/errors/759579.xml,
      result/errors/759579.xml.err, result/errors/759579.xml.str,
      test/errors/759579.xml.
    - CVE-2017-16932

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Aug 2018 15:30:23 -0300

CVE-2016-9318 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current docume
CVE-2017-18258 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA
CVE-2018-14404 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath e
CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.


