Vulnerability CVE-2016-4449: Information
Description
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Severity: HIGH (7.1) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libxml2 | sisyphus | 2.9.3.0.5.6511-alt1 | 2.12.7-alt1 | ALT-PU-2016-1221-1 | 160389 | Fixed |
libxml2 | p10 | 2.9.3.0.5.6511-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2016-1221-1 | 160389 | Fixed |
libxml2 | p9 | 2.9.3.0.5.6511-alt1 | 2.9.10-alt6.p9.1 | ALT-PU-2016-1221-1 | 160389 | Fixed |
libxml2 | p8 | 2.9.4.0.12.e905-alt1 | 2.9.4.0.12.e905-alt1 | ALT-PU-2017-1252-1 | 179256 | Fixed |
libxml2 | c10f1 | 2.9.3.0.5.6511-alt1 | 2.9.12-alt1.p10.1 | ALT-PU-2016-1221-1 | 160389 | Fixed |
libxml2 | c9f2 | 2.9.3.0.5.6511-alt1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2016-1221-1 | 160389 | Fixed |
libxml2 | p11 | 2.9.3.0.5.6511-alt1 | 2.12.7-alt1 | ALT-PU-2016-1221-1 | 160389 | Fixed |