WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress […]
Posts Tagged XML
(Dec 17) Qt could be made to consume resources and hang if it processed XML data.
Debian: 2779-1: libxml2: denial of service
(Oct 13) Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project’s XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. [More…]
The following issues have been fixed:
[-] Administrators were unable to connect to remote MySQL servers if their passwords contained the ampersand (“&”) symbol. (141662)
[-] Panel failed to back up subscriptions with additional vhost/ssl/nginx settings containing XML-unescaped symbols. (141708)
[-] (Linux only) Panel did not concatenate chained certificates bundles provided by Geotrust to the main certificate in the nginx configuration. (113865)
[-] Customers could not use the controls on the “File Sharing” tab if they set the preferred domain with the “www” prefix.
[-] (Linux only) Customers could not access the “File Sharing” tab after Panel was upgraded to version 11.5 if client.id for the administrator was not 1. (141589)
[-] File sharing did not work for domains with international domain names.
[-] (Linux only) PhpMyAdmin failed to export databases with the error “502 Bad Gateway”. (141734)
[-] (Linux only) Some upgrade scripts failed if the client.id for administrator was not 1. (141589)
(Jul 17) It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. [More…]
Debian: 2659-1: libapache-mod-security: XML external entity process
(Apr 10) Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML file parser of ModSecurity, an Apache module whose purpose is to tighten web application security, is vulnerable to XML external entity attacks. A specially-crafted XML file provided by a [More…]
Debian: 2652-1: libxml2: external entity expansion
(Mar 26) Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these [More…]
Debian: 2602-1: zendframework: XML external entity inclusi
(Jan 8) Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information. [More…]
Debian: 2580-1: libxml2: buffer overflow
(Dec 2) Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
The following bugs have been fixed:
[-] “Default domain” for IP address can’t be changed from one domain to another.
[-] Database copying process hangs after lost connection with MySQL.
[-] Migration fails if site application already exists on destination server.
[-] httpdmng --reconfigure-all fails with error “MySQL server has gone away”.
[-] Not valid XML breaks site application restoring.
[-] Unable to browse the default domain on an IP address because of a wrong nginx configuration.
[-] vhosts_bootstrap.conf is misconfigured after stop/start nginx service.
[-] Conflict resolving process fails when migrating a lot of Plesk entities with error “MySQL server has gone away”.
[-] “Default domain” for IP address can’t be changed from one domain to another (104647)
[-] Conflict resolving process fails when migrating a lot of Plesk entities with error “MySQL server has gone away” (112291, 115718)
[-] Not valid XML breaks site application restoring
[-] Migration fails if site application already exists on destination server
Debian: 2534-1: postgresql-8.4: Multiple vulnerabilities
(Aug 25) Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488 [More…]
Debian: 2525-1: expat: Multiple vulnerabilities
(Aug 6) It was discovered that Expat, a C library to parse XML, is vulnerable to denial of service through hash collisions and a memory leak in pool handling. [More…]
Debian: 2520-1: openoffice.org: Multiple heap-based buffer
(Aug 2) Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lie in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause an application crash and could cause arbitrary code execution. [More…]