[3.5] libxml2: XML External Entity vulnerability (CVE-2016-9318)
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and
other products, does not offer a flag directly indicating that the
current document may be read but other files may not be opened, which
makes it easier for remote attackers to conduct XML External Entity
(XXE) attacks via a crafted document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-9318
Patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
(from redmine: issue id 7126, created on 2017-04-13, closed on 2017-04-13)
- Relations:
- parent #7125 (closed)
- Changesets:
- Revision 0c50a730 by Natanael Copa on 2017-04-13T08:40:25Z:
main/libxml2: sec fix for CVE-2016-9318
fixes #7126