libxml2: XML External Entity vulnerability (CVE-2016-9318)
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9318
Patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
(from redmine: issue id 7125, created on 2017-04-13, closed on 2017-04-13)
- Relations:
  - child #7126 (closed)
  - child #7127 (closed)
  - child #7128 (closed)
  - child #7129 (closed)
- Changesets:
  - Revision f5ccdd14 by Natanael Copa on 2017-04-13T08:32:56Z:
    main/libxml2: sec fix for CVE-2016-9318
    ref #7125