漏洞信息详情
libxml2 代码问题漏洞
- CNNVD编号:CNNVD-201807-1562
- 危害等级: 高危
- CVE编号: CVE-2018-14404
- 漏洞类型: 代码问题
- 发布时间: 2018-07-19
- 威胁类型: 远程
- 更新时间: 2021-03-18
- 厂 商: canonical
- 漏洞来源: Red Hat
漏洞简介
Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库,它支持多种编码格式、Xpath解析、Well-formed和valid验证等。
Libxml2 2.9.8及之前版本中的‘xpath.c:xmlXPathCompOpEval()’函数存在安全漏洞。攻击者可借助无效的XPath表达式利用该漏洞造成拒绝服务(空指针逆向引用和应用程序崩溃)。
漏洞公告
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:
http://xmlsoft.org/
参考网址
来源:UBUNTU
链接:https://usn.ubuntu.com/3739-2/
来源:UBUNTU
链接:https://usn.ubuntu.com/3739-1/
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190719-0002/
来源:MISC
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1595985
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/09/msg00009.HTML
来源:MISC
链接:https://gitlab.gnome.org/GNOME/libxml2/issues/10
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2018/09/msg00035.HTML
来源:MISC
链接:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1543
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:1543
来源:www.suse.com
链接:https://www.suse.com/support/update/announcement/2019/suse-su-201913985-1.HTML
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1097595
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3558/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1479/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3700/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1120209
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158637/Red-Hat-Security-Advisory-2020-3194-01.HTML
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2593/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2200/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1170442
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2162/
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1138480
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3102/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/77654
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153343/Red-Hat-Security-Advisory-2019-1543-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157435/Red-Hat-Security-Advisory-2020-1827-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159727/Red-Hat-Security-Advisory-2020-4298-01.HTML
受影响实体
- Canonical Ubuntu_linux:12.04:~~Esm~~~
- Canonical Ubuntu_linux:14.04:~~Lts~~~
- Canonical Ubuntu_linux:16.04:~~Lts~~~
- Canonical Ubuntu_linux:18.04:~~Lts~~~
补丁
暂无
评论