Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-7942

Published: 23 October 2015

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

Priority

Medium

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian 		precise
Released (2.7.8.dfsg-5.1ubuntu4.12)
trusty
Released (2.9.1+dfsg1-3ubuntu4.5)
upstream
Released (2.9.2+really2.9.1+dfsg1-0.1)
vivid
Released (2.9.2+dfsg1-3ubuntu0.1)
wily
Released (2.9.2+zdfsg1-4ubuntu0.1)
Patches:
upstream: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
upstream: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading