Cisco Bug: CSCur83687 - libxml2 security update

Last Modified

Feb 05, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.24) 10.5(1.10000.7) 10.5(2.10000.2) 11.0(0.98000.20) 8.6(2.10000.30) 9.1(2.10000.28)

Description (partial)

Symptom:
Cisco Unified Communications Manager (CallManager) includes a version of libxml2 that is affected by the vulnerabilities identified by the
following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-3660:

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of
service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

This bug was opened to address the potential impact on this product.

Conditions:
Cisco Unified Communications Manager (CallManager) running versions not containing this bugfix.