Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 25 May 2016 12:29:04 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: 3 libxml2 issues

Hi All,

The following issues were reported to us:

1. CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName

https://bugzilla.redhat.com/show_bug.cgi?id=1338686

2. CVE-2016-4448 libxml2: Format string vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=1338700

3. CVE-2016-4449 libxml2: Inappropriate fetch of entities content

https://bugzilla.redhat.com/show_bug.cgi?id=1338701


Each of the Red Hat bugs , contain links to the commits which fix these
issues. (The upstream bugs are currently private)


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ