正文

libxml2 代码问题漏洞

admin
admin V管理员 /0 评论 /7 阅读
0212
此篇文章发布距今已超过1186天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

libxml2 代码问题漏洞

  • CNNVD编号:CNNVD-201807-1562
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2018-14404
  • 漏洞类型: 代码问题
  • 发布时间: 2018-07-19
  • 威胁类型: 远程
  • 更新时间: 2021-03-18
  • 厂        商: canonical
  • 漏洞来源: Red Hat

漏洞简介

Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库,它支持多种编码格式、Xpath解析、Well-formed和valid验证等。

Libxml2 2.9.8及之前版本中的‘xpath.c:xmlXPathCompOpEval()’函数存在安全漏洞。攻击者可借助无效的XPath表达式利用该漏洞造成拒绝服务(空指针逆向引用和应用程序崩溃)。

漏洞公告

目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:

http://xmlsoft.org/

参考网址

来源:UBUNTU

链接:https://usn.ubuntu.com/3739-2/

来源:UBUNTU

链接:https://usn.ubuntu.com/3739-1/

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20190719-0002/

来源:MISC

链接:https://bugzilla.redhat.com/show_bug.cgi?id=1595985

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

来源:MISC

链接:https://gitlab.gnome.org/GNOME/libxml2/issues/10

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

来源:MISC

链接:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:1543

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2019:1543

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-201913985-1.html

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1097595

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3558/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1479/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3700/

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1120209

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158637/Red-Hat-Security-Advisory-2020-3194-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2593/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2200/

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1170442

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2162/

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1138480

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3102/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/77654

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153343/Red-Hat-Security-Advisory-2019-1543-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157435/Red-Hat-Security-Advisory-2020-1827-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159727/Red-Hat-Security-Advisory-2020-4298-01.html

受影响实体

  • Canonical Ubuntu_linux:12.04:~~Esm~~~  
    <!--
    2000-1-1
    -->
  • Canonical Ubuntu_linux:14.04:~~Lts~~~  
    <!--
    2000-1-1
    -->
  • Canonical Ubuntu_linux:16.04:~~Lts~~~  
    <!--
    2000-1-1
    -->
  • Canonical Ubuntu_linux:18.04:~~Lts~~~  
    <!--
    2000-1-1
    -->

补丁

    暂无