news
Posted November 29, 2015

Package        : libxml2
Version        : 2.7.8.dfsg-2+squeeze15
CVE ID         : CVE-2015-8241 CVE-2015-8317
Debian Bug     : 806384

CVE-2015-8241
    Buffer overread with XML parser in xmlNextChar

CVE-2015-8317
    Issues in the xmlParseXMLDecl function:
    - If we fail converting the current input stream while processing the encoding declaration of the XMLDecl then it's safer to just abort there and not try to report further errors.
    - If the string is not properly terminated do not try to convert to the given encoding.

Additional fix for off by one error in previous patch for CVE-2015-7942 (thanks to Salvatore for spotting this)
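The rule stated for CVE-2015-8317 (stop when the encoding string is not properly terminated, rather than going on to convert), shown as an added example. This is not libxml2's code: `decl_encoding` is a hypothetical helper that assumes a simplified declaration syntax with no whitespace around `=`, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libxml2 code: copy the encoding name out of an
 * XML declaration held in buf[0..len). The buffer is not assumed to be
 * NUL-terminated, so every read is checked against len.
 * Returns 0 on success; -1 means "abort here, do not attempt conversion". */
int decl_encoding(const char *buf, size_t len, char *out, size_t outlen)
{
    static const char key[] = "encoding=";
    const size_t klen = sizeof(key) - 1;
    size_t i, start, n;
    char quote;

    if (outlen == 0) return -1;
    for (i = 0; i + klen <= len; i++)       /* bounded search for the key */
        if (memcmp(buf + i, key, klen) == 0)
            break;
    if (i + klen > len) return -1;          /* no encoding declaration */
    i += klen;
    if (i >= len || (buf[i] != '"' && buf[i] != '\''))
        return -1;                          /* truncated or unquoted value */
    quote = buf[i++];
    start = i;
    while (i < len && buf[i] != quote)      /* never step past len */
        i++;
    if (i == len)
        return -1;                          /* closing quote missing: stop */
    n = i - start;
    if (n == 0 || n >= outlen)
        return -1;                          /* empty or too long for out */
    memcpy(out, buf + start, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: declaration cut off inside the encoding value. */
    const char cut[] = "<?xml version=\"1.0\" encoding=\"UTF-8";
    char enc[16];
    int rc = decl_encoding(cut, sizeof(cut) - 1, enc, sizeof(enc));
    printf("truncated declaration -> %d\n", rc);
    return 0;
}
```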