ArchLinux: 201605-27: libxml2: multiple issues
Summary
- CVE-2016-1762 (denial of service)
A vulnerability has been discovered that allows remote attackers to
cause a denial of service (memory corruption) via a crafted XML document.
- CVE-2016-1833 (denial of service)
A maliciously crafted file could cause the application to crash due to
a heap-based out-of-bounds memory read.
- CVE-2016-1834 (arbitrary code execution)
It has been discovered that a heap-buffer-overflow could happen in
xmlStrncat.
- CVE-2016-1835 (arbitrary code execution)
It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in xmlSAX2AttributeNs.
- CVE-2016-1836 (arbitrary code execution)
It has been discovered that a heap-use-after free can happen in the
xmlDictComputeFastKey.
- CVE-2016-1837 (arbitrary code execution)
It has been discovered that a maliciously crafted file could cause the
application to crash due to a Heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemiteral.
- CVE-2016-1838 (denial of service)
It has been discovered that a heap-based buffer overread could happen
in xmlParserPrintFileContextInternal
- CVE-2016-1839 (denial of service)
It has been discovered that a heap-based buffer overread could happen
in xmlDictAddString.
- CVE-2016-1840 (arbitrary code execution)
It has been discovered that a heap-buffer overflow could happen in
xmlFAParsePosCharGroup
- CVE-2016-3627 (denial of service)
A vulnerability was found in a way libxml2 parses certain files. With
the libxml2 in recovery mode, a maliciously crafted filed could cause
libxml2 to crash.
- CVE-2016-3705 (arbitrary code execution)
It is possible to trigger a stack overflow using a carefully crafted
invalid XML file, the stack overflow occurs before libxml2 determines
the XML file is invalid.
- CVE-2016-4483 (denial of service)
It has been discovered that parsing a maliciously crafted XML file
could cause the application to crash if recover mode is used.
Resolution
Upgrade to 2.9.4+0+gbdec218-2.
# pacman -Syu "libxml2>=2.9.4+0+gbdec218-2"
The problems have been fixed upstream in version 2.9.4.
References
https://access.redhat.com/security/cve/CVE-2016-1762 https://access.redhat.com/security/cve/CVE-2016-1833 https://access.redhat.com/security/cve/CVE-2016-1834 https://access.redhat.com/security/cve/CVE-2016-1835 https://access.redhat.com/security/cve/CVE-2016-1836 https://access.redhat.com/security/cve/CVE-2016-1837 https://access.redhat.com/security/cve/CVE-2016-1838 https://access.redhat.com/security/cve/CVE-2016-1839 https://access.redhat.com/security/cve/CVE-2016-1840 https://access.redhat.com/security/cve/CVE-2016-3627 https://access.redhat.com/security/cve/CVE-2016-3705 https://access.redhat.com/security/cve/CVE-2016-4483
Workaround
None.