CVE-2015-8242

Published: 18 November 2015

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Priority

Status

Package	Release	Status
libxml2 Launchpad, Ubuntu, Debian	precise	Released (2.7.8.dfsg-5.1ubuntu4.13)
	trusty	Released (2.9.1+dfsg1-3ubuntu4.6)
	upstream	Released (2.9.3)
	vivid	Released (2.9.2+dfsg1-3ubuntu0.2)
	wily	Released (2.9.2+zdfsg1-4ubuntu0.2)
	Patches: upstream: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2

References

https://ubuntu.com/security/notices/USN-2834-1
https://www.cve.org/CVERecord?id=CVE-2015-8242
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805146
https://bugzilla.gnome.org/show_bug.cgi?id=756372

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›