SB2016091102 - Data Handling in Libxml2
Published: September 11, 2016 Updated: July 28, 2020
Security Bulletin ID
SB2016091102
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Data Handling (CVE-ID: CVE-2016-5153)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Remediation
Install update from vendor's website.
References
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
- http://rhn.redhat.com/errata/RHSA-2016-1854.html
- http://www.debian.org/security/2016/dsa-3660
- http://www.securityfocus.com/bid/92717
- http://www.securitytracker.com/id/1036729
- https://codereview.chromium.org/2188623006
- https://codereview.chromium.org/2189813002/
- https://crbug.com/631052
- https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
- https://security.gentoo.org/glsa/201610-09