libxml2: code execution [LWN.net]

Package(s):

libxml2

CVE #(s):

CVE-2011-3919

Created:

January 12, 2012

Updated:

September 26, 2012

Description:

From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

Alerts:

Red Hat	RHSA-2012:0018-01	2012-01-11
Red Hat	RHSA-2012:0016-01	2012-01-11
Red Hat	RHSA-2012:0017-01	2012-01-11
CentOS	CESA-2012:0016	2012-01-11
CentOS	CESA-2012:0017	2012-01-11
CentOS	CESA-2012:0018	2012-01-11
Oracle	ELSA-2012-0016	2012-01-12
Oracle	ELSA-2012-0018	2012-01-12
Scientific Linux	SL-libx-20120111	2012-01-11
Scientific Linux	SL-libx-20120112	2012-01-12
Scientific Linux	SL-libx-20120111	2012-01-11
Oracle	ELSA-2012-0017	2012-01-12
Mandriva	MDVSA-2012:005	2012-01-16
openSUSE	openSUSE-SU-2012:0107-1	2012-01-19
Ubuntu	USN-1334-1	2012-01-19
SUSE	SUSE-SU-2012:0117-1	2012-01-24
Debian	DSA-2394-1	2012-01-26
Red Hat	RHSA-2012:0104-01	2012-02-08
Gentoo	201202-09	2012-02-29
Oracle	ELSA-2012-0324	2012-03-09
Oracle	ELSA-2012-1288	2012-09-18
Fedora	FEDORA-2012-13820	2012-09-26
Fedora	FEDORA-2012-13824	2012-09-27
Red Hat	RHSA-2013:0217-01	2013-01-31
CentOS	CESA-2013:0217	2013-02-01
Oracle	ELSA-2013-0217	2013-02-01
Scientific Linux	SL-ming-20130201	2013-02-01

(Log in to post comments)