libxml2 xmlCurrentChar() Function UTF-8 Parsing Remote Denial-of-Service Vulnerability

Vulnerability Details

Vulnerability Summary

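The libxml2 package provides a library of functions that lets users manipulate XML files, including support for reading, modifying and writing XML and HTML files.

The libxml library has a vulnerability in how it handles XML files containing malformed data; a remote attacker may exploit it to make the system unavailable.

The library's UTF-8 decoding function, xmlCurrentChar(), does not check the correctness of UTF-8. If a user opens malformed XML content containing multi-byte combinations with an application linked against the library, the library enters an infinite loop and hangs, consuming large amounts of system resources.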

Vulnerability Advisory

The vendor has released upgrade patches to fix this security issue. Patch download links:

VideoLAN VLC media player 0.8.6f

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

Sun Solaris 10

Sun T125731-02.zip

http://sunsolve.sun.com/patchDownload.do?target=T125731-02.zip

VideoLAN VLC media player 0.8.6b

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

VideoLAN VLC media player 0.8.6e

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

VideoLAN VLC media player 0.8.6 g

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

VideoLAN VLC media player 0.8.6 d

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

VideoLAN VLC media player 0.8.6

VideoLAN VLC media player 0.8.6h

http://www.videolan.org/vlc/

References

Source: REDHAT

Name: RHSA-2008:0032

Link: http://www.redhat.com/support/errata/RHSA-2008-0032.html

Source: FEDORA

Name: FEDORA-2008-0477

Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html

Source: FEDORA

Name: FEDORA-2008-0462

Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html

Source: issues.rpath.com

Link: https://issues.rpath.com/browse/RPL-2121

Source: MISC

Link: https://bugzilla.redhat.com/show_bug.cgi?id=425927

Source: www.xmlsoft.org

Link: http://www.xmlsoft.org/news.html

Source: UBUNTU

Name: USN-569-1

Link: http://www.ubuntulinux.org/support/documentation/usn/usn-569-1

Source: BID

Name: 27248

Link: http://www.securityfocus.com/bid/27248

Source: BUGTRAQ

Name: 20080115 rPSA-2008-0017-1 libxml2

Link: http://www.securityfocus.com/archive/1/archive/1/486410/100/0/threaded

Source: SUSE

Name: SUSE-SR:2008:002

Link: http://www.novell.com/linux/security/advisories/suse_security_summary_report.html

Source: MANDRIVA

Name: MDVSA-2008:010

Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:010

Source: VUPEN

Name: ADV-2008-2094

Link: http://www.frsirt.com/english/advisories/2008/2094/references

Source: VUPEN

Name: ADV-2008-0144

Link: http://www.frsirt.com/english/advisories/2008/0144

Source: VUPEN

Name: ADV-2008-0117

Link: http://www.frsirt.com/english/advisories/2008/0117

Source: DEBIAN

Name: DSA-1461

Link: http://www.debian.org/security/2008/dsa-1461

Source: SUNALERT

Name: 103201

Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1

Source: SECTRACK

Name: 1019181

Link: http://securitytracker.com/id?1019181

Source: GENTOO

Name: GLSA-200801-20

Link: http://security.gentoo.org/glsa/glsa-200801-20.xml

Source: SECUNIA

Name: 31074

Link: http://secunia.com/advisories/31074

Source: SECUNIA

Name: 28716

Link: http://secunia.com/advisories/28716

Source: SECUNIA

Name: 28636

Link: http://secunia.com/advisories/28636

Source: SECUNIA

Name: 28475

Link: http://secunia.com/advisories/28475

Source: SECUNIA

Name: 28470

Link: http://secunia.com/advisories/28470

Source: SECUNIA

Name: 28466

Link: http://secunia.com/advisories/28466

Source: SECUNIA

Name: 28458

Link: http://secunia.com/advisories/28458

Source: SECUNIA

Name: 28452

Link: http://secunia.com/advisories/28452

Source: SECUNIA

Name: 28450

Link: http://secunia.com/advisories/28450

Source: SECUNIA

Name: 28444

Link: http://secunia.com/advisories/28444

Source: SECUNIA

Name: 28439

Link: http://secunia.com/advisories/28439

Source: SECUNIA

Name: 28444

Link: http://mail.gnome.org/archives/xml/2008-January/msg00036.html

Source: APPLE

Name: APPLE-SA-2008-07-11

Link: http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Source: bugs.gentoo.org

Link: http://bugs.gentoo.org/show_bug.cgi?id=202628

Source: BUGTRAQ

Name: 20080329 VMSA-2008-0006 Updated libxml2 service console package

Link: http://www.securityfocus.com/archive/1/archive/1/490306/100/0/threaded

Source: VUPEN

Name: ADV-2008-1033

Link: http://www.frsirt.com/english/advisories/2008/1033/references

Source: support.avaya.com

Link: http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm

Source: support.avaya.com

Link: http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm

Source: SUNALERT

Name: 201514

Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1

Source: SECUNIA

Name: 29591

Link: http://secunia.com/advisories/29591

Source: SECUNIA

Name: 28740

Link: http://secunia.com/advisories/28740

Source: MLIST

Name: [Security-announce] 20080328 VMSA-2008-0006 Updated libxml2 service console package

Link: http://lists.vmware.com/pipermail/security-announce/2008/000009.html

Source: oval:org.mitre.oval:def:5216

Name: oval:org.mitre.oval:def:5216

Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5216

Source: NSFOCUS

Name: 11382

Link: http://www.nsfocus.net/vulndb/11382
