Cisco Bug: CSCur83687 - libxml2 security update
Feb 05, 2017
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
10.0(1.10000.24) 10.5(1.10000.7) 10.5(2.10000.2) 11.0(0.98000.20) 8.6(2.10000.30) 9.1(2.10000.28)
Symptom: Cisco Unified Communications Manager (CallManager) includes a version of libxml2 that is affected by the vulnerabilities identified by the following Common Vunlerability and Exposure (CVE IDs:) CVE-2014-3660: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. This bug was opened to address the potential impact on this product. Conditions: Cisco Unified Communications Manager (CallManager) running versions not containing this bugfix.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases