Debian LTS: DLA-1641-1: mxml security update

    Date: 25 Jan 2019
    Category: Debian LTS
    Posted By: Anthony Pell
    Package        : mxml
    Version        : 2.6-2+deb8u1
    CVE ID         : CVE-2016-4570 CVE-2016-4571 CVE-2018-20004
    Debian Bug     : 825855 918007
    
    
    Several stack exhaustion conditions were found in mxml, which can
    easily crash when parsing XML files.
    
    CVE-2016-4570
    
        The mxmlDelete function in mxml-node.c allows remote attackers to
        cause a denial of service (stack consumption) via a crafted XML
        file.
    
    CVE-2016-4571
    
        The mxml_write_node function in mxml-file.c allows remote attackers
        to cause a denial of service (stack consumption) via a crafted XML
        file.
    
    CVE-2018-20004
    
        A stack-based buffer overflow in mxml_write_node via vectors
        involving a double-precision floating point number.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    2.6-2+deb8u1.
    
    We recommend that you upgrade your mxml packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
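
An added illustration of the bug class behind CVE-2016-4570 (not mxml's code and not part of the advisory): assuming the stack consumption comes from tearing down the parsed tree with one recursive call per nesting level, an iterative teardown keeps stack use constant however deeply the input nests. The `node_t` type and every function name here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical minimal tree node (not mxml's mxml_node_t). */
typedef struct node { struct node *parent, *child, *next; } node_t;

static node_t *add_child(node_t *parent) {      /* prepend a new child */
    node_t *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->parent = parent;
    n->next = parent->child;
    return parent->child = n;
}

/* Constructed input: `depth` nested elements, each with one leaf sibling. */
static node_t *build_nested(size_t depth) {
    node_t *root = calloc(1, sizeof *root), *cur = root;
    if (!root) abort();
    for (size_t i = 0; i < depth; i++) { add_child(cur); cur = add_child(cur); }
    return root;
}

/* Recursive teardown: one stack frame per nesting level, so the depth of
 * the input decides how much stack is used. Only safe on shallow trees. */
static size_t delete_recursive(node_t *n) {
    size_t freed = 1;
    if (!n) return 0;
    for (node_t *c = n->child, *nx; c; c = nx) { nx = c->next; freed += delete_recursive(c); }
    free(n);
    return freed;
}

/* Iterative teardown of root and its descendants: constant stack at any depth. */
static size_t delete_iterative(node_t *root) {
    size_t freed = 0;
    for (node_t *n = root, *next; n; n = next) {
        if ((next = n->child) != NULL) {  /* descend; unhook so the parent becomes a leaf */
            n->child = NULL;
            continue;
        }
        next = (n == root) ? NULL : (n->next ? n->next : n->parent);
        free(n);
        freed++;
    }
    return freed;
}

int main(void) {
    printf("recursive, depth 100: %zu nodes freed\n", delete_recursive(build_nested(100)));
    printf("iterative, depth 200000: %zu nodes freed\n", delete_iterative(build_nested(200000)));
    return 0;
}
```

The iterative version relies on each node carrying a parent pointer, which is what lets it climb back up without a call stack.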
    