| nessus
via4
|
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-0164-1.NASL | | description | This update for libxml2 fixes the following issues :
- CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675).
- Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-30 | | plugin id | 96566 | | published | 2017-01-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96566 | | title | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1070.NASL | | description | According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.(CVE-2016-9318)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-14 | | plugin id | 99936 | | published | 2017-05-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99936 | | title | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-1366-1.NASL | | description | This update for libxml2 fixes the following issues :
- Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497)
- CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS.
(bsc#876652)
- CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-30 | | plugin id | 100352 | | published | 2017-05-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100352 | | title | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1) |
| NASL family | PhotonOS Local Security Checks | | NASL id | PHOTONOS_PHSA-2017-0001_LIBXML2.NASL | | description | An update of the libxml2 package has been released. | | last seen | 2019-02-08 | | modified | 2019-02-07 | | plugin id | 121663 | | published | 2019-02-07 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=121663 | | title | Photon OS 1.0: Libxml2 PHSA-2017-0001 |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1069.NASL | | description | According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.(CVE-2016-9318)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-14 | | plugin id | 99916 | | published | 2017-05-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99916 | | title | EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-1557-1.NASL | | description | This update for libxml2 fixes the following issues: Security issues fixed :
- CVE-2017-9050: heap-based buffer overflow (xmlDictAddString func) [bsc#1039069, bsc#1039661]
- CVE-2017-9049: heap-based buffer overflow (xmlDictComputeFastKey func) [bsc#1039066]
- CVE-2017-9048: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039063]
- CVE-2017-9047: stack overflow vulnerability (xmlSnprintfElementContent func) [bsc#1039064] A clarification for the previously released update: For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new
-noxxe flag if possible (bnc#1010675, bnc#1013930).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-30 | | plugin id | 100780 | | published | 2017-06-14 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100780 | | title | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-0380-1.NASL | | description | This update for libxml2 fixes the following issues :
- CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544]
- Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497).
For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new
-noxxe flag if possible (bnc#1010675, bnc#1013930).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-30 | | plugin id | 97015 | | published | 2017-02-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97015 | | title | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201711-01.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2018-03-27 | | plugin id | 104492 | | published | 2017-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=104492 | | title | GLSA-201711-01 : libxml2: Multiple vulnerabilities |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-A3A47973EB.NASL | | description | Update to latest upstream release, includes several security related fixes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2017-04-20 | | plugin id | 99491 | | published | 2017-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99491 | | title | Fedora 25 : libxml2 (2017-a3a47973eb) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-BE8574D593.NASL | | description | Update to latest upstream release, includes several security related fixes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2017-04-20 | | plugin id | 99492 | | published | 2017-04-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99492 | | title | Fedora 24 : libxml2 (2017-be8574d593) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-244.NASL | | description | This update for libxml2 fixes the following issues :
- CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544]
- Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497).
For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930).
This update was imported from the SUSE:SLE-12-SP2:Update update project. | | last seen | 2019-02-21 | | modified | 2017-02-13 | | plugin id | 97116 | | published | 2017-02-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=97116 | | title | openSUSE Security Update : libxml2 (openSUSE-2017-244) |
| NASL family | PhotonOS Local Security Checks | | NASL id | PHOTONOS_PHSA-2017-0001.NASL | | description | An update of [openssh,linux,libxml2] packages for PhotonOS has been released. | | last seen | 2019-02-21 | | modified | 2019-02-07 | | plugin id | 111850 | | published | 2018-08-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=111850 | | title | Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated) |
|
