Apple Security Advisory 2016-02-25-1 - Apple TV 7.2.1 is now available and addresses code execution, information disclosure, access bypass, and various other vulnerabilities.
bf6f4fe66d502f5d2cfe52364aee2616a8b6313109616db2da1627ad5a4b40a6
Apple Security Advisory 2015-08-13-3 - iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more.
020b218144f569aac2a2448bd8543614a7004d2d836ed7be26e0c593885fa013
Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.
1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33
Mandriva Linux Security Advisory 2015-111 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.
6c45babaeca1ec041e913e0a86d595448e15db3a18b9abd9cc95bfd525ba2526
Red Hat Security Advisory 2015-0749-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.
15c49fedfd4a3e46ea1a642a1d02d9c329ca365e3e9985dba2151d5b6dfb8796
Debian Linux Security Advisory 2978-2 - It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.
75ca24bacda68087f871e1aa68638a3e79c95dcff8d9fdea640df8af5b8a3b46
VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.
7ae55e0d099a866f9060eaf2dd855d5f0aec675081fb0bc4925cd992333a41a6
Gentoo Linux Security Advisory 201409-8 - A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Versions less than 2.9.1-r4 are affected.
3d3e51ebf497b1002f4ac43821208f034b3bdc6899d6ce505e3b73fa6133ac3c
Debian Linux Security Advisory 2978-1 - Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution.
96bb50e05e81d8361c9c05da3dc727523563121ff34368ca08616401748b2e92
Red Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.
3d551b6c132f55a4510bfa07d62cbc76c5971974060b32e4b1e88be27977c857
Ubuntu Security Notice 2214-1 - Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.
64ca427162a57b3fc78c8d1d6777e7a05d14345a9139d949bb434394a88f5e63
Mandriva Linux Security Advisory 2014-086 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
d404a08a5cc0f16dce907a42080b5f7aa2e914d54fe5089305065117c76c4b23