aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/vuxml/vuln.xml40
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4cd837628e9..c7e0c5e1b60 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f1e0164e-b67b-11dd-a55e-00163e000016">
+ <topic>libxml2 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libxml2</name>
+ <range><lt>2.6.32_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/Advisories/32773/">
+ <p>Two vulnerabilities have been reported in Libxml2, which can be
+ exploited by malicious people to cause a DoS (Denial of Service) or
+ to potentially compromise an application using the library.</p>
+ <p>1) An integer overflow error in the "xmlSAX2Characters()" function
+ can be exploited to trigger a memory corruption via a specially</p>
+ <p>Successful exploitation may allow execution of arbitrary code, but
+ requires e.g. that the user is tricked into processing an overly
+ large XML file (2GB or more).</p>
+ <p>2) An integer overflow error in the "xmlBufferResize()" function
+ can be exploited to trigger the execution of an infinite loop.
+ The vulnerabilities are reported in version 2.7.2.</p>
+ <p>Other versions may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-4225</cvename>
+ <cvename>CVE-2008-4226</cvename>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=470466</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=470480</url>
+ <url>http://secunia.com/Advisories/32773/</url>
+ </references>
+ <dates>
+ <discovery>2008-11-18</discovery>
+ <entry>2008-11-19</entry>
+ </dates>
+ </vuln>
+
<vuln vid="937adf01-b64a-11dd-a55e-00163e000016">
<topic>openfire -- multiple vulnerabilities</topic>
<affects>