First published: Fri Oct 30 2015(Updated: )
A vulnerability in libxml2 was found causing DoS by exhausting CPU when parsing specially crafted XML document. Upstream bug: <a href="https://bugzilla.gnome.org/show_bug.cgi?id=756733">https://bugzilla.gnome.org/show_bug.cgi?id=756733</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
rubygems/nokogiri | >=1.6.0<=1.6.7.0 | 1.6.7.1 |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =15.04 | |
Ubuntu | =15.10 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux HPC Node | =6.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
iPhone OS | <=9.2.1 | |
Apple iOS and macOS | <=10.11.3 | |
tvOS | <=9.1 | |
Apple iOS, iPadOS, and watchOS | <=2.1 | |
libxml2-devel | <=2.9.2 | |
HP IceWall Federation Agent | =3.0 | |
HP Icewall File Manager | =3.0 | |
Debian Linux | =7.0 | |
Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-5312 is considered a medium-severity vulnerability due to its potential to cause denial of service by exhausting CPU resources.
To fix CVE-2015-5312, update the libxml2 library to a version greater than 2.9.2 or upgrade to a patched version of affected software packages.
CVE-2015-5312 affects various software including Nokogiri, libxml2, and multiple versions of Ubuntu and Red Hat Linux.
CVE-2015-5312 is a denial-of-service vulnerability caused by parsing specially crafted XML documents.
Yes, CVE-2015-5312 can be exploited remotely if a vulnerable application processes untrusted XML input.