libxml2 - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-672 | 2.9.8-4 | 2.9.8-5 | Medium | Fixed | |
| AVG-671 | 2.9.5+6+g07e227ed-1 | 2.9.6+3+g5af594d8-1 | Medium | Fixed | |
| AVG-56 | 2.9.4+4+g3169602-1 | 2.9.4+12+ge905f08-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-9251 | AVG-672 | Medium | Yes | Denial of service | A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA support enabled, in the xz_decomp function in xzlib.c. This flaw allows a remote... |
| CVE-2017-18258 | AVG-671 | Medium | Yes | Denial of service | A security issue has been found in libxml2 <= 2.9.6 compiled with LZMA support enabled, in the xz_head function in xzlib.c. This flaw allows a remote... |
| CVE-2016-5131 | AVG-56 | Critical | Yes | Arbitrary code execution | Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use- after-free and allow control of the instruction pointer. |
| CVE-2016-4658 | AVG-56 | Critical | Yes | Arbitrary code execution | A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2. |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 01 Oct 2018 | ASA-201810-3 | AVG-672 | Medium | denial of service |
| 01 Nov 2016 | ASA-201611-2 | AVG-56 | Critical | arbitrary code execution |