Wind River Support Network

HomeDefectsLIN9-6695

Fixed

LIN9-6695 : Security Advisory - libxml2 - CVE-2017-18258

Created: Apr 16, 2018 Updated: Dec 3, 2018

Resolved Date: May 27, 2018

Found In Version: 9.0.0.15

Fix Version: 9.0.0.16

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

Other Downloads

Wind River Linux 9.0.0.16
Wind River Linux 9.0.0.17
Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2017-18258