Description
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary code
with the permissions of the user running the application (CVE-2016-1834,
CVE-2016-1840).
Multiple denial of service flaws were found in libxml2. A remote attacker
could provide a specially crafted XML file that, when processed by an
application using libxml2, could cause that application to crash
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2015-8806,
CVE-2016-2073, CVE-2016-4483, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449).
The libxml2 package has been updated to version 2.9.4, fixing these issues
and other bugs.