Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/35036
http://secunia.com/advisories/36207
http://secunia.com/advisories/36338
http://secunia.com/advisories/36417
http://secunia.com/advisories/36631
http://secunia.com/advisories/37346
http://secunia.com/advisories/37471
http://support.apple.com/kb/HT3937
http://support.apple.com/kb/HT3949
http://support.apple.com/kb/HT4225
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.debian.org/security/2009/dsa-1859
http://www.mail-archive.com/[email protected]/msg678527.html
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/36010
http://www.ubuntu.com/usn/USN-815-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2420
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/3217
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=515195
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89117 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) | Nessus | Misc. | critical |
79462 | OracleVM 2.1 : libxml2 (OVMSA-2009-0018) | Nessus | OracleVM Local Security Checks | critical |
67909 | Oracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206) | Nessus | Oracle Linux Local Security Checks | medium |
60637 | Scientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
56772 | FreeBSD : libxml -- Stack consumption vulnerability (5a7d4110-0b7a-11e1-846b-00235409fd3e) | Nessus | FreeBSD Local Security Checks | medium |
51756 | SuSE 10 Security Update : libxml (ZYPP Patch Number 6482) | Nessus | SuSE Local Security Checks | medium |
49636 | GLSA-201009-07 : libxml2: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
5578 | Apple iOS < 4.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
44726 | Debian DSA-1861-1 : libxml - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
44724 | Debian DSA-1859-1 : libxml2 - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
42870 | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | Nessus | VMware ESX Local Security Checks | critical |
42478 | Safari < 4.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
42477 | Mac OS X : Apple Safari < 4.0.4 | Nessus | MacOS X Local Security Checks | high |
801003 | Safari < 4.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
5232 | Safari < 4.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
800795 | Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
5227 | Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
42434 | Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
42433 | Mac OS X Multiple Vulnerabilities (Security Update 2009-006) | Nessus | MacOS X Local Security Checks | critical |
42021 | openSUSE 10 Security Update : libxml2 (libxml2-6405) | Nessus | SuSE Local Security Checks | medium |
42020 | openSUSE 10 Security Update : libxml (libxml-6477) | Nessus | SuSE Local Security Checks | medium |
41325 | SuSE9 Security Update : libxml.rpm (YOU Patch Number 12504) | Nessus | SuSE Local Security Checks | medium |
41004 | openSUSE Security Update : libxml (libxml-1278) | Nessus | SuSE Local Security Checks | medium |
41002 | openSUSE Security Update : libxml (libxml-1278) | Nessus | SuSE Local Security Checks | medium |
40778 | Google Chrome < 2.0.172.43 Multiple Vulnerabilities | Nessus | Windows | high |
40604 | Fedora 10 : libxml-1.8.17-24.fc10 (2009-8594) | Nessus | Fedora Local Security Checks | critical |
40603 | Fedora 11 : libxml-1.8.17-24.fc11 (2009-8582) | Nessus | Fedora Local Security Checks | critical |
40602 | Fedora 11 : mingw32-libxml2-2.7.3-2.fc11 (2009-8580) | Nessus | Fedora Local Security Checks | medium |
40584 | Mandriva Linux Security Advisory : libxml (MDVSA-2009:200-1) | Nessus | Mandriva Local Security Checks | medium |
40576 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1) | Nessus | Ubuntu Local Security Checks | critical |
40575 | openSUSE Security Update : libxml2 (libxml2-1175) | Nessus | SuSE Local Security Checks | medium |
40573 | openSUSE Security Update : libxml2 (libxml2-1175) | Nessus | SuSE Local Security Checks | medium |
40570 | Fedora 11 : libxml2-2.7.3-3.fc11 (2009-8498) | Nessus | Fedora Local Security Checks | medium |
40569 | Fedora 10 : libxml2-2.7.3-2.fc10 (2009-8491) | Nessus | Fedora Local Security Checks | medium |
40544 | RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206) | Nessus | Red Hat Local Security Checks | medium |
40533 | CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206) | Nessus | CentOS Local Security Checks | medium |