nessus
via4
|
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1366-1.NASL | description | This update for libxml2 fixes the following issues :
- Fix NULL dereference in xpointer.c when in recovery mode
[bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags
could have caused an overflow of the stack not detected
by the recursion limits, allowing for DoS (bsc#1017497)
- CVE-2014-0191: External parameter entity loaded when
entity substitution is disabled could cause a DoS.
(bsc#876652)
- CVE-2016-9318: XML External Entity (XXE) could be abused
via crafted document. (bsc#1010675)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 100352 | published | 2017-05-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100352 | title | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1) |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1069.NASL | description | According to the version of the libxml2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and
earlier and other products, does not offer a flag
directly indicating that the current document may be
read but other files may not be opened, which makes it
easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted
document. (CVE-2016-9318)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-14 | plugin id | 99916 | published | 2017-05-02 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99916 | title | EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069) |
NASL family | PhotonOS Local Security Checks | NASL id | PHOTONOS_PHSA-2017-0001_LIBXML2.NASL | description | An update of the libxml2 package has been released. | last seen | 2019-02-08 | modified | 2019-02-07 | plugin id | 121663 | published | 2019-02-07 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=121663 | title | Photon OS 1.0: Libxml2 PHSA-2017-0001 |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1557-1.NASL | description | This update for libxml2 fixes the following issues: Security issues
fixed :
- CVE-2017-9050: heap-based buffer overflow
(xmlDictAddString func) [bsc#1039069, bsc#1039661]
- CVE-2017-9049: heap-based buffer overflow
(xmlDictComputeFastKey func) [bsc#1039066]
- CVE-2017-9048: stack overflow vulnerability
(xmlSnprintfElementContent func) [bsc#1039063]
- CVE-2017-9047: stack overflow vulnerability
(xmlSnprintfElementContent func) [bsc#1039064]
A clarification for the previously released update: For
CVE-2016-9318 we decided not to ship a fix since it can
break existing setups. Please take appropriate actions
if you parse untrusted XML files and use the new
-noxxe flag if possible (bnc#1010675, bnc#1013930).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 100780 | published | 2017-06-14 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100780 | title | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2017-244.NASL | description | This update for libxml2 fixes the following issues :
- CVE-2016-4658: use-after-free error could lead to crash
[bsc#1005544]
- Fix NULL dereference in xpointer.c when in recovery mode
[bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags
could have caused an overflow of the stack not detected
by the recursion limits, allowing for DoS (bsc#1017497).
For CVE-2016-9318 we decided not to ship a fix since it can break
existing setups. Please take appropriate actions if you parse
untrusted XML files and use the new -noxxe flag if possible
(bnc#1010675, bnc#1013930).
This update was imported from the SUSE:SLE-12-SP2:Update update
project. | last seen | 2019-01-16 | modified | 2017-02-13 | plugin id | 97116 | published | 2017-02-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=97116 | title | openSUSE Security Update : libxml2 (openSUSE-2017-244) |
NASL family | PhotonOS Local Security Checks | NASL id | PHOTONOS_PHSA-2017-0001.NASL | description | An update of [openssh,linux,libxml2] packages for PhotonOS has been
released. | last seen | 2019-02-08 | modified | 2019-02-07 | plugin id | 111850 | published | 2018-08-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=111850 | title | Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-0164-1.NASL | description | This update for libxml2 fixes the following issues :
- CVE-2016-9318: libxml2 did not offer a flag directly
indicating that the current document may be read but
other files may not be opened, which made it easier for
remote attackers to conduct XML External Entity (XXE)
attacks via a crafted document (bsc#1010675).
- Prevent NULL dereference in xpointer.c and
xmlDumpElementContent, and infinite recursion in
xmlParseConditionalSections when in recovery
mode (bnc#1014873)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 96566 | published | 2017-01-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=96566 | title | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1) |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1070.NASL | description | According to the version of the libxml2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and
earlier and other products, does not offer a flag
directly indicating that the current document may be
read but other files may not be opened, which makes it
easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted
document. (CVE-2016-9318)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-14 | plugin id | 99936 | published | 2017-05-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99936 | title | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201711-01.NASL | description | The remote host is affected by the vulnerability described in GLSA-201711-01
(libxml2: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Impact :
A remote attacker, by enticing a user to process a specially crafted XML
document, could remotely execute arbitrary code, conduct XML External
Entity (XXE) attacks, or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2018-03-27 | plugin id | 104492 | published | 2017-11-10 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=104492 | title | GLSA-201711-01 : libxml2: Multiple vulnerabilities |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2017-BE8574D593.NASL | description | Update to latest upstream release, includes several security related
fixes.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | last seen | 2019-01-16 | modified | 2017-04-20 | plugin id | 99492 | published | 2017-04-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99492 | title | Fedora 24 : libxml2 (2017-be8574d593) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2017-A3A47973EB.NASL | description | Update to latest upstream release, includes several security related
fixes.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | last seen | 2019-01-16 | modified | 2017-04-20 | plugin id | 99491 | published | 2017-04-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99491 | title | Fedora 25 : libxml2 (2017-a3a47973eb) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-0380-1.NASL | description | This update for libxml2 fixes the following issues :
- CVE-2016-4658: use-after-free error could lead to crash
[bsc#1005544]
- Fix NULL dereference in xpointer.c when in recovery mode
[bsc#1014873]
- CVE-2016-9597: An XML document with many opening tags
could have caused an overflow of the stack not detected
by the recursion limits, allowing for DoS (bsc#1017497).
For CVE-2016-9318 we decided not to ship a fix since it
can break existing setups. Please take appropriate
actions if you parse untrusted XML files and use the new
-noxxe flag if possible (bnc#1010675, bnc#1013930).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 97015 | published | 2017-02-06 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=97015 | title | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1) |
|