{"id":"MGASA-2015-0457","summary":"Updated libxml2 packages fix security vulnerabilities","details":"Updated libxml2 packages fix security vulnerabilities:\n\nIn libxml2 before 2.9.3, one case where when dealing with entities expansion,\nit failed to exit, leading to a denial of service (CVE-2015-5312).\n\nIn libxml2 before 2.9.3, it was possible to hit a negative offset in the name\nindexing used to randomize the dictionary key generation, causing a heap\nbuffer overflow in xmlDictComputeFastQKey (CVE-2015-7497).\n\nIn libxml2 before 2.9.3, after encoding conversion failures, the parser was\ncontinuing to process to extract more errors, which can potentially lead to\nunexpected behaviour (CVE-2015-7498).\n\nIn libxml2 before 2.9.3, the parser failed to detect a case where the current\npointer to the input was out of range, leaving it in an incoherent state\n(CVE-2015-7499).\n\nIn libxml2 before 2.9.3, a memory access error could happen while processing\na start tag due to incorrect entities boundaries (CVE-2015-7500).\n\nIn libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra\nprocessing of MarkupDecl after EOF has been reached (CVE-2015-8241).\n\nIn libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push\nmode (CVE-2015-8242).\n\nIn libxml2 before 2.9.3, out of bounds heap reads could happen due to failure\nprocessing the encoding declaration of the XMLDecl in xmlParseEncodingDecl\n(CVE-2015-8317).\n\nIn libxml2 before 2.9.3, out of bounds memory access via unclosed html\ncomment (CVE-2015-8710).\n","modified":"2026-04-16T01:46:08.535245878Z","published":"2015-11-26T20:47:39Z","upstream":["CVE-2015-5312","CVE-2015-7497","CVE-2015-7498","CVE-2015-7499","CVE-2015-7500","CVE-2015-8241","CVE-2015-8242","CVE-2015-8317","CVE-2015-8710"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0457.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17170"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/11/18/23"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/11/22/3"},{"type":"WEB","url":"http://www.ubuntu.com/usn/usn-2875-1/"},{"type":"WEB","url":"http://www.xmlsoft.org/news.html"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0457.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}