SB2017061637 - Input validation error in libxml2 (Alpine package)
Published: June 16, 2017
Security Bulletin ID
SB2017061637
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2017-5969)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via a crafted XML document.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1647bdc21ffc22aacee5ea142d372445d1fd5b03
- https://git.alpinelinux.org/aports/commit/?id=5e57be93778177ca048236091d2814a4ad205903
- https://git.alpinelinux.org/aports/commit/?id=9ba0323ae03ecb1319c9174e281260c37544fa1d
- https://git.alpinelinux.org/aports/commit/?id=a6c278e2f3d21e7ffc9b25ad0cd3845c3caafcf9
- https://git.alpinelinux.org/aports/commit/?id=a49c9e6942d3d44160b5470c06957e99a8191d7f
- https://git.alpinelinux.org/aports/commit/?id=23378989c95591c62d00888e83710e5424685eaa
- https://git.alpinelinux.org/aports/commit/?id=80f4efd8ae07abf0f36afd88e30f5a1ed1f94628
- https://git.alpinelinux.org/aports/commit/?id=b17579f3fe79dcad883955f228745b24b76c4a16
- https://git.alpinelinux.org/aports/commit/?id=f952adf5ff909e9fb868e2c5a8ab0558be22ee68
- https://git.alpinelinux.org/aports/commit/?id=fae1547c146cf95cc9bce7d385a9280239c20107