libxml2: CVE-2018-14404 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Sinan Kaya <okaya@kernel.org>	2018-10-05 00:39:07 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-10-18 11:08:53 +0100
commit	536412ec4d1eccd1e7b7cc5fbf239bf34cbcbca5 (patch)
tree	565f8a1510546f79d794f8690e396ad9afe3d934 /LICENSE
parent	967d42170e079a065f6088ba21032e0b1cf734d9 (diff)
download	poky-536412ec4d1eccd1e7b7cc5fbf239bf34cbcbca5.tar.gz

libxml2: CVE-2018-14404

* CVE-2018-14404 A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application. Affects libxml <= 2.9.8 CVE: CVE-2018-14404 Ref: https://access.redhat.com/security/cve/cve-2018-14404 (From OE-Core rev: 06d7f9039b005c2112e28336ac1c30e5120ec815) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'LICENSE')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: