SB2015121403 - Amazon Linux AMI update for libxml2

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2015-1819)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

2) Resource management error (CVE-ID: CVE-2015-5312)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

3) Heap-based buffer overflow (CVE-ID: CVE-2015-7497)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Heap-based buffer overflow (CVE-ID: CVE-2015-7498)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors related to extracting errors after an encoding conversion failure. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

5) Heap-based buffer overflow (CVE-ID: CVE-2015-7499)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker can use unspecified vectors. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Out-of-bounds read (CVE-ID: CVE-2015-7500)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error in the xmlParseMisc function in parser.c. A remote attacker can create unspecified vectors related to incorrect entities boundaries and start tags, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

7) Input validation error (CVE-ID: CVE-2015-7941)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. "context dependent" seems to point to MiTM attack due to: If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

8) Buffer overflow (CVE-ID: CVE-2015-7942)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

9) Buffer overflow (CVE-ID: CVE-2015-8241)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

10) Stack-based buffer overflow (CVE-ID: CVE-2015-8242)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser when processing crafted XML data. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

11) Out-of-bounds read (CVE-ID: CVE-2015-8317)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error in the xmlParseXMLDecl function in parser.c. A remote attacker can create an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Remediation

Install update from vendor's website.

References

• https://alas.aws.amazon.com/ALAS-2015-628.html