First published: Wed Nov 16 2016
Last updated 24 July 2024
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xmlsoft Libxml2 | <=2.9.4 | |
Xmlsec Project Xmlsec | <=1.2.23 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
All of | | |
Xmlsoft Libxml2 | <=2.9.4 | |
Xmlsec Project Xmlsec | <=1.2.23 | |
debian/libxml2 | 2.9.10+dfsg-6.7+deb11u4, 2.9.10+dfsg-6.7+deb11u5, 2.9.14+dfsg-1.3~deb12u1, 2.12.7+dfsg+really2.9.14-0.2 | |
CVE-2016-9318 is a vulnerability in libxml2 version 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, that allows remote attackers to conduct XML External Entity (XXE) attacks.
CVE-2016-9318 has a severity rating of 5.5 (medium).
Versions 2.9.4 and earlier of libxml2 are affected by CVE-2016-9318.
To fix CVE-2016-9318 in libxml2, you should update to version 2.9.4+dfsg1-6.1ubuntu1.2 or later.
You can find more information about CVE-2016-9318 at the following references: [Bugzilla](https://bugzilla.gnome.org/show_bug.cgi?id=772726), [GitHub](https://github.com/lsh123/xmlsec/issues/43), [SecurityFocus](http://www.securityfocus.com/bid/94347).