[security-announce] libxml2: CVE-2015-8242: Security Update

Sona Sarmadi sona.sarmadi at enea.com
Thu Feb 25 12:42:51 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Enea Linux Security Advisory

=========================================================
Product/package: libxml2 2.9.1
Severity: Low
CVE Name: CVE-2015-8242
Layer: poky
=========================================================

This security update fixes a buffer over-read in the HTML parser in
push mode in xmlSAX2TextNode [NEEDINFO].

Description:
The xmlSAX2TextNode function in SAX2.c in the push interface in the
HTML parser in libxml2 before 2.9.3 allows context-dependent attackers
to cause a denial of service (stack-based buffer over-read and
application crash) or obtain sensitive information via crafted XML data.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242

Patch is backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/?id=436e2044451bf25bcac3d17e3dd85dc8ea99e7d0

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=04f8b06b024193eb1473458b92dac16809c29e08

How to get the latest patches
=============================
- If you have already cloned meta-enea, update it to get new
security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.


Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----
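
Because the fix is backported onto libxml2 2.9.1 rather than delivered as an upgrade to 2.9.3, the package version alone does not show whether it is present. The following check is an added example, not part of the original advisory: it tests whether the commit id from the "Correction for Enea Linux 5.0" URL is in the history of a poky checkout. The function names are hypothetical, and it assumes the checkout tracks the Enea repository directly (a cherry-picked copy of the patch would carry a different id).

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# Commit id taken from the advisory's "Correction for Enea Linux 5.0" URL.
ENEA_FIX=04f8b06b024193eb1473458b92dac16809c29e08

# has_fix REPO COMMIT
#   returns 0 if COMMIT is HEAD or an ancestor of HEAD,
#           1 if COMMIT exists in the repo but is not in HEAD's history,
#           2 if REPO is not a git repo or COMMIT cannot be resolved.
has_fix() {
    repo=$1
    commit=$2
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
    # ^{commit} forces an object lookup, so an unknown id fails here.
    git -C "$repo" rev-parse --verify --quiet "${commit}^{commit}" \
        >/dev/null 2>&1 || return 2
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        return 0
    fi
    return 1
}

# report_fix REPO [COMMIT]: same return codes, plus a readable verdict.
report_fix() {
    fix=${2:-$ENEA_FIX}
    has_fix "$1" "$fix" && rc=0 || rc=$?
    case $rc in
        0) echo "OK: $fix is in the history of HEAD in $1" ;;
        1) echo "MISSING: $fix is fetched but not in HEAD (stale or other branch)" ;;
        *) echo "UNKNOWN: cannot resolve $fix in $1 (not fetched, or not a repo)" ;;
    esac
    return "$rc"
}
```

Run `report_fix Enea-Linux-5.0/poky` after `git pull`; a MISSING or UNKNOWN result means the checkout does not yet contain the correction.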


