FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3281

This CVE name corresponds to:

Entered: 2008-10-15
Topic: libxml2 -- two vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-3281
Phase: Assigned (20080724)

Description

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

References

Source Reference
BUGTRAQ 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff
MLIST [xml] 20080820 Security fix for libxml2
MLIST [Security-announce] 20081030 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff
MISC http://www.vmware.com/security/advisories/VMSA-2008-0017.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=458086
CONFIRM http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772
CONFIRM http://xmlsoft.org/news.html
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0325
CONFIRM http://support.apple.com/kb/HT3613
CONFIRM http://support.apple.com/kb/HT3639
APPLE APPLE-SA-2009-06-08-1
APPLE APPLE-SA-2009-06-17-1
DEBIAN DSA-1631
FEDORA FEDORA-2008-7395
FEDORA FEDORA-2008-7594
GENTOO GLSA-200812-06
MANDRIVA MDVSA-2008:180
MANDRIVA MDVSA-2008:192
REDHAT RHSA-2008:0836
SUSE SUSE-SR:2008:018
UBUNTU USN-640-1
UBUNTU USN-644-1
BID 30783
OVAL oval:org.mitre.oval:def:6496
OVAL oval:org.mitre.oval:def:9812
SECUNIA 35379
VUPEN ADV-2008-2843
VUPEN ADV-2008-2971
VUPEN ADV-2008-2419
SECTRACK 1020728
SECUNIA 31728
SECUNIA 31558
SECUNIA 31748
SECUNIA 31590
SECUNIA 31855
SECUNIA 32488
SECUNIA 31566
SECUNIA 32807
SECUNIA 32974
SECUNIA 31982
VUPEN ADV-2009-1522
VUPEN ADV-2009-1621