diff options
-rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4cd837628e9..c7e0c5e1b60 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f1e0164e-b67b-11dd-a55e-00163e000016"> + <topic>libxml2 -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libxml2</name> + <range><lt>2.6.32_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/Advisories/32773/"> + <p>Two vulnerabilities have been reported in Libxml2, which can be + exploited by malicious people to cause a DoS (Denial of Service) or + to potentially compromise an application using the library.</p> + <p>1) An integer overflow error in the "xmlSAX2Characters()" function + can be exploited to trigger a memory corruption via a specially</p> + <p>Successful exploitation may allow execution of arbitrary code, but + requires e.g. that the user is tricked into processing an overly + large XML file (2GB or more).</p> + <p>2) An integer overflow error in the "xmlBufferResize()" function + can be exploited to trigger the execution of an infinite loop. + The vulnerabilities are reported in version 2.7.2.</p> + <p>Other versions may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-4225</cvename> + <cvename>CVE-2008-4226</cvename> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=470466</url> + <url>https://bugzilla.redhat.com/show_bug.cgi?id=470480</url> + <url>http://secunia.com/Advisories/32773/</url> + </references> + <dates> + <discovery>2008-11-18</discovery> + <entry>2008-11-19</entry> + </dates> + </vuln> + <vuln vid="937adf01-b64a-11dd-a55e-00163e000016"> <topic>openfire -- multiple vulnerabilities</topic> <affects> |