ID AIX_IV80616.NASL Type nessus Reporter This script is Copyright (C) 2016-2021 Tenable Network Security, Inc. Modified 2016-02-23T00:00:00
Description
The remote AIX host has a version of libxml2 installed that is
affected by the following vulnerabilities:
- A heap-based buffer overflow condition exists in the
xmlParseEntityDecl() and xmlParseConditionalSections()
functions within file parser.c due to a failure to
properly stop parsing invalid input. An unauthenticated,
remote attacker can exploit this, via specially crafted
XML data, to cause a denial of service condition or
potentially disclose sensitive memory contents.
(CVE-2015-7941)
- A heap-based buffer overflow condition exists in the
xmlParseConditionalSections() function within file
parser.c due to not properly skipping intermediary
entities. An unauthenticated, remote attacker can
exploit this, via specially crafted XML data, to cause a
denial of service condition. (CVE-2015-7942)
- A buffer overflow condition exists in the xmlNextChar()
function due to improper bounds checking. A local
attacker can exploit this, via a malformed XML file, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2015-8241)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: when `description` is true the plugin only declares its
# metadata (id, CVEs, text, scoring, dependencies) and then leaves through the
# exit(0) at the end of the block, so none of the host checks below are run.
if (description)
{
script_id(88884);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
# The three libxml2 CVEs a finding from this plugin is attributed to.
script_cve_id(
"CVE-2015-7941",
"CVE-2015-7942",
"CVE-2015-8241"
);
script_bugtraq_id(
74241,
77621,
79507
);
script_name(english:"AIX 7.2 TL 0 : libxml2 (IV80616)");
# NOTE(review): the summary speaks of libxml2 packages, but the check in the
# body only evaluates the bos.rte.control fileset and interim fix IV80616s1a.
script_summary(english:"Checks the version of the libxml2 packages and iFixes.");
script_set_attribute(attribute:"synopsis", value:
"The remote AIX host has a version of libxml2 installed that is
affected by multiple vulnerabilities.");
# NOTE(review): this text calls CVE-2015-7941 and CVE-2015-7942 heap-based buffer
# overflows; the upstream CVE wording describes an out-of-bounds read ending in
# a crash. Read-versus-write matters for impact triage; confirm against the
# IBM advisory before prioritising.
# NOTE(review): CVE-2015-8241 is described as needing a local attacker, while
# the base vector set below is AV:N; presumably the vector reflects the
# highest-scored CVE of the set. Confirm.
script_set_attribute(attribute:"description", value:
"The remote AIX host has a version of libxml2 installed that is
affected by the following vulnerabilities :
- A heap-based buffer overflow condition exists in the
xmlParseEntityDecl() and xmlParseConditionalSections()
functions within file parser.c due to a failure to
properly stop parsing invalid input. An unauthenticated,
remote attacker can exploit this, via specially crafted
XML data, to cause a denial of service condition or
potentially disclose sensitive memory contents.
(CVE-2015-7941)
- A heap-based buffer overflow condition exists in the
xmlParseConditionalSections() function within file
parser.c due to not properly skipping intermediary
entities. An unauthenticated, remote attacker can
exploit this, via specially crafted XML data, to cause a
denial of service condition. (CVE-2015-7942)
- A buffer overflow condition exists in the xmlNextChar()
function due to improper bounds checking. A local
attacker can exploit this, via a malformed XML file, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2015-8241)");
# NOTE(review): the advisory link is plain HTTP. The .asc suffix suggests a
# signed text advisory; verify its signature/origin before acting on the fix
# instructions it contains (assumption, confirm).
script_set_attribute(attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc");
script_set_attribute(attribute:"solution", value:
"Install the appropriate interim fix.");
# CVSS v2 base vector: network access, medium complexity, no authentication,
# partial impact on confidentiality, integrity and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
# Temporal vector: exploitability and report confidence not defined,
# remediation level "official fix".
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# NOTE(review): vuln_publication_date is exactly one year before
# patch_publication_date; confirm it is intended, since exposure-age metrics
# are derived from it.
script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/22");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/23");
# "local" plugin type: the result comes from host data held in the KB, not
# from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"AIX Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
# The KB keys required below are presumably populated by ssh_get_info.nasl
# during a credentialed scan (TODO confirm).
script_dependencies("ssh_get_info.nasl");
# NOTE(review): the body also reads "Host/AIX/oslevelsp" and
# "Host/AIX/emgr_failure", which are not listed here; a missing oslevelsp is
# handled in the body with an AUDIT_UNKNOWN_APP_VER audit.
script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");
# Preconditions: every gate below ends the plugin through audit() or exit()
# when the host is out of scope or the data needed for a verdict is missing.
# (audit() comes from audit.inc and is expected to terminate the script with
# the given reason.)

# Gate 1: local (credentialed) checks must have been enabled for this host.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Gate 2: only a host whose KB version string is exactly "AIX-7.2" continues.
oslevel = get_kb_item("Host/AIX/version");
if (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
if ( oslevel != "AIX-7.2" )
{
# Replace "-" with a space so the audit message shows a readable OS name.
oslevel = ereg_replace(string:oslevel, pattern:"-", replace:" ");
audit(AUDIT_OS_NOT, "AIX 7.2", oslevel);
}
# Gate 3: the full level string must split on '-' into exactly four fields;
# the second field (index 1) is taken as the maintenance/technology level.
oslevelcomplete = chomp(get_kb_item("Host/AIX/oslevelsp"));
if (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
oslevelparts = split(oslevelcomplete, sep:'-', keep:0);
if ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
ml = oslevelparts[1];
version_report = "AIX " + oslevel + " ML " + ml;
# This plugin covers level "00" only; any other level is audited as out of scope.
if ( ml != "00")
{
audit(AUDIT_OS_NOT, "ML 00", version_report);
}
# Gate 4: the installed-fileset listing must be present in the KB.
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
# Gate 5: if interim-fix data collection failed, the check is skipped with
# exit code 0 and the stored failure reason. Such a host is neither reported
# as vulnerable nor audited as not affected; treat it as "not assessed",
# not as clean, when reviewing scan results.
if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This AIX package check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
# Verdict: count failed interim-fix checks, then report or audit out.
flag = 0;
# A negative return from aix_check_ifix() (aix.inc) is counted as a finding;
# presumably it means the fileset is in the affected range and the interim
# fix is absent (TODO confirm against aix.inc).
# Both minfilesetver and maxfilesetver are 7.2.0.0, so as written only that
# single fileset level of bos.rte.control is in scope.
if (aix_check_ifix(release:"7.2", ml:"00", patch:"IV80616s1a", package:"bos.rte.control", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.0") < 0) flag++;
if (flag)
{
# Host-level finding (port 0) at warning severity; the report body is the
# text returned by aix_report_get().
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : aix_report_get()
);
}
else
{
# No finding: distinguish "fileset was tested and is not affected" from
# "fileset was never found" so the audit trail shows which one applied.
tested = aix_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bos.rte.control");
}
{"id": "AIX_IV80616.NASL", "bulletinFamily": "scanner", "title": "AIX 7.2 TL 0 : libxml2 (IV80616)", "description": "The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. 
(CVE-2015-8241)", "published": "2016-02-23T00:00:00", "modified": "2016-02-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/88884", "reporter": "This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.", "references": ["http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc"], "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "type": "nessus", "lastseen": "2021-01-06T09:17:45", "edition": 29, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K61570943", "SOL61570943"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122795", "OPENVAS:1361412562310807268", "OPENVAS:703430", "OPENVAS:1361412562310120618", "OPENVAS:1361412562310871513", "OPENVAS:1361412562310871514", "OPENVAS:1361412562310105550", "OPENVAS:1361412562310122794", "OPENVAS:1361412562310842535", "OPENVAS:1361412562310703430"]}, {"type": "cve", "idList": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"]}, {"type": "aix", "idList": ["LIBXML2_ADVISORY2.ASC"]}, {"type": "nessus", "idList": ["AIX_U866671.NASL", "AIX_IV80617.NASL", "UBUNTU_USN-2812-1.NASL", "FEDORA_2016-189A7BF68C.NASL", "AIX_U870330.NASL", "AIX_U868931.NASL", "DEBIAN_DLA-355.NASL", "AIX_IV80586.NASL", "AIX_IV80588.NASL", "FEDORA_2016-A9EE80B01D.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3430-1:A974A", "DEBIAN:DLA-355-1:F71E7", "DEBIAN:DLA-334-1:C1669"]}, {"type": "fedora", "idList": ["FEDORA:473D96090BE2", "FEDORA:454A0601DA33", "FEDORA:8FB206094351", "FEDORA:4959A6092042"]}, {"type": "ubuntu", "idList": ["USN-2834-1", "USN-2812-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2549", "ELSA-2015-2550"]}, {"type": "centos", "idList": ["CESA-2015:2549", "CESA-2015:2550"]}, {"type": "redhat", "idList": ["RHSA-2015:2550", "RHSA-2015:2549"]}, {"type": "freebsd", "idList": ["E5423CAF-8FB8-11E5-918C-BCAEC565249C"]}, {"type": "amazon", "idList": ["ALAS-2015-628", 
"ALAS2-2019-1220"]}, {"type": "archlinux", "idList": ["ASA-201512-6"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1EC71DA3FB8309BFA0C5B2A494033370"]}, {"type": "suse", "idList": ["SUSE-SU-2016:0786-1"]}, {"type": "gentoo", "idList": ["GLSA-201701-37"]}, {"type": "apple", "idList": ["APPLE:HT206167", "APPLE:HT206166", "APPLE:HT206169", "APPLE:HT206168"]}], "modified": "2021-01-06T09:17:45", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-01-06T09:17:45", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88884);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-7941\",\n \"CVE-2015-7942\",\n \"CVE-2015-8241\"\n );\n script_bugtraq_id(\n 74241,\n 77621,\n 79507\n );\n\n script_name(english:\"AIX 7.2 TL 0 : libxml2 (IV80616)\");\n script_summary(english:\"Checks the version of the libxml2 packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. 
An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-8241)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-7.2\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 7.2\", oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nversion_report = \"AIX \" + oslevel + \" ML \" + ml;\nif ( ml != \"00\")\n{\n audit(AUDIT_OS_NOT, \"ML 00\", version_report);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", patch:\"IV80616s1a\", package:\"bos.rte.control\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.0\") < 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.rte.control\");\n}\n", "naslFamily": "AIX Local Security Checks", "pluginID": "88884", "cpe": ["cpe:/o:ibm:aix:7.2"], "scheme": null}
{"f5": [{"lastseen": "2016-09-26T17:23:07", "bulletinFamily": "software", "cvelist": ["CVE-2015-7941", "CVE-2015-7942"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. 
For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-24T00:00:00", "published": "2016-02-15T00:00:00", "id": "SOL61570943", "href": "http://support.f5.com/kb/en-us/solutions/public/k/61/sol61570943.html", "type": "f5", "title": "SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-19T00:24:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2014-3660", "CVE-2015-7942"], "edition": 1, "description": "\nF5 Product Development has assigned ID 561663 (BIG-IP), ID 572608 (BIG-IQ), ID 572609 (Enterprise Manager), and INSTALLER-2127 (Traffix) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61570943 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0| Low*| libXML2 \nBIG-IP AAM| 11.4.0 - 11.6.0| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP AFM| 11.3.0 - 11.6.0| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP Analytics| 11.0.0 - 11.6.0| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP APM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP ASM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP DNS| None| 12.0.0- 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low*| libXML2 \nBIG-IP GTM| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None| Low*| libXML2 \nBIG-IP Link Controller| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP PEM| 11.3.0 - 11.6.0| 12.0.0- 12.1.0| Low*| libXML2 \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low*| libXML2 \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low*| libXML2 \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low*| libXML2 \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Medium| libXML2 \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Medium| libXML2 \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| libXML2 \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| libXML2 \nBIG-IQ ADC| 4.5.0| None| Medium| libXML2 \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| 5.2.0| 
Medium| libXML2 \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| libXML2 \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| libXML2 \n \n* Although BIG-IP software contains the vulnerable code, the BIG-IP system does not use the vulnerable code in any way.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability for affected F5 products, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. 
For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "modified": "2017-07-18T23:58:00", "published": "2016-02-16T02:07:00", "href": "https://support.f5.com/csp/article/K61570943", "id": "F5:K61570943", "title": "Multiple libXML2 vulnerabilities", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-04-07T18:45:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-7942"], "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2016-02-16T00:00:00", "id": "OPENVAS:1361412562310105550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105550", "type": "openvas", "title": "F5 BIG-IP - SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 
Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105550\");\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/61/sol61570943.html\");\n\n script_tag(name:\"impact\", value:\"CVE-2015-7941libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.CVE-2015-7942The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and 
crash) via crafted XML data, a different vulnerability than CVE-2015-7941.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.\nThe xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-16 16:25:25 +0100 (Tue, 16 Feb 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! 
version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0-12.1.0;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.6.0;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.6.0;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.6.0;10.1.0-10.2.4;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.6.0;',\n 'unaffected', '12.0.0-;12.1.0;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-02-17T00:00:00", "id": "OPENVAS:1361412562310807268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807268", "type": "openvas", "title": "Fedora Update for mingw-libxml2 FEDORA-2016-189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libxml2 FEDORA-2016-189\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807268\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:25:35 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-8035\", \"CVE-2015-7942\", \"CVE-2015-7941\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-libxml2 FEDORA-2016-189\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libxml2 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-189\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 
2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libxml2\", rpm:\"mingw-libxml2~2.9.3~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-1819", "CVE-2015-7942", "CVE-2015-8035"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-11-17T00:00:00", "id": "OPENVAS:1361412562310842535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842535", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-2812-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libxml2 USN-2812-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842535\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 05:31:05 +0100 (Tue, 17 Nov 2015)\");\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libxml2 USN-2812-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Florian Weimer discovered that libxml2\nincorrectly handled certain XML data. If a user or automated system were tricked\ninto opening a specially crafted document, an attacker could possibly cause resource\nconsumption, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819)\n\nMichal Zalewski discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a specially\ncrafted document, an attacker could possibly cause libxml2 to crash,\nresulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. 
(CVE-2015-7941)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a specially\ncrafted document, an attacker could possibly cause libxml2 to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2015-7942)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a specially\ncrafted document, an attacker could possibly cause libxml2 to crash,\nresulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS. (CVE-2015-8035)\");\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2812-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2812-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.2+dfsg1-3ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.2+dfsg1-3ubuntu0.1\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-3ubuntu4.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu4.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-5.1ubuntu4.12\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.2+zdfsg1-4ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.2+zdfsg1-4ubuntu0.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2015-7942"], "description": "Oracle Linux Local Security Checks ELSA-2015-2549", "modified": "2018-09-28T00:00:00", "published": "2015-12-08T00:00:00", "id": "OPENVAS:1361412562310122795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122795", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2549.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 
Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122795\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 11:03:28 +0200 (Tue, 08 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2549\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2549 - libxml2 security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2549\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2549.html\");\n script_cve_id(\"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\", \"CVE-2015-8242\", \"CVE-2015-8317\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~20.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~20.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~20.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~20.0.1.el6_7.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", 
"cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2015-7942"], "description": "The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-12-08T00:00:00", "id": "OPENVAS:1361412562310871513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871513", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2015:2549-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2015:2549-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871513\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 10:45:32 +0100 (Tue, 08 Dec 2015)\");\n script_cve_id(\"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\",\n \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\",\n \"CVE-2015-8242\", \"CVE-2015-8317\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libxml2 RHSA-2015:2549-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\n providing the implementation of various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. 
(CVE-2015-5312, CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942,\nCVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500 Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242 and Hanno Boeck as the original reporter of CVE-2015-8317.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2549-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00014.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~20.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.6~20.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~20.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~20.el6_7.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942"], "description": "Oracle Linux Local Security Checks ELSA-2015-2550", "modified": "2018-09-28T00:00:00", "published": "2015-12-08T00:00:00", "id": 
"OPENVAS:1361412562310122794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122794", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2550.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122794\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 11:03:27 +0200 (Tue, 08 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2550\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2550 - libxml2 security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2550\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2550.html\");\n script_cve_id(\"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\", \"CVE-2015-8242\", \"CVE-2015-8317\", \"CVE-2015-1819\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.0.1.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.0.1.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.0.1.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~6.0.1.el7_2.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n 
exit(0);\n\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T22:58:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310120618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120618", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-628)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120618\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:29 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-628)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in libxml2. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update libxml2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-628.html\");\n script_cve_id(\"CVE-2015-7497\", \"CVE-2015-7500\", \"CVE-2015-7499\", \"CVE-2015-8241\", \"CVE-2015-7498\", \"CVE-2015-8242\", \"CVE-2015-1819\", \"CVE-2015-5312\", \"CVE-2015-8317\", \"CVE-2015-7942\", \"CVE-2015-7941\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = 
\"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python26\", rpm:\"libxml2-python26~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python27\", rpm:\"libxml2-python27~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~6.2.50.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942"], "description": "The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-12-08T00:00:00", "id": "OPENVAS:1361412562310871514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871514", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2015:2550-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2015:2550-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871514\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-08 10:49:09 +0100 (Tue, 08 Dec 2015)\");\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\",\n \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\",\n \"CVE-2015-8241\", \"CVE-2015-8242\", \"CVE-2015-8317\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libxml2 RHSA-2015:2550-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox\n providing the implementation of various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, 
modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,\nCVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,\nBZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500 Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242 and Hanno Boeck as the original reporter of CVE-2015-8317.\nThe CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2550-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~6.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.el7_2.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:52:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942", "CVE-2015-8035"], "description": "Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. 
A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.", "modified": "2017-07-07T00:00:00", "published": "2015-12-23T00:00:00", "id": "OPENVAS:703430", "href": "http://plugins.openvas.org/nasl.php?oid=703430", "type": "openvas", "title": "Debian Security Advisory DSA 3430-1 (libxml2 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3430.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3430-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703430);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\", \"CVE-2015-8241\", \"CVE-2015-8317\");\n script_name(\"Debian Security Advisory DSA 3430-1 (libxml2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-12-23 00:00:00 +0100 (Wed, 23 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3430.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libxml2 on Debian Linux\");\n script_tag(name: \"insight\", value: \"XML is a metalanguage to let you design your own markup language.\nA regular markup language defines a way to describe information in\na certain class of documents (eg HTML). XML lets you define your\nown customized markup languages for many classes of document. 
It\ncan do this because it's written in SGML, the international standard\nmetalanguage for markup languages.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942", "CVE-2015-8035"], "description": 
"Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.", "modified": "2019-03-18T00:00:00", "published": "2015-12-23T00:00:00", "id": "OPENVAS:1361412562310703430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703430", "type": "openvas", "title": "Debian Security Advisory DSA 3430-1 (libxml2 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3430.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3430-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703430\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\", \"CVE-2015-8241\", \"CVE-2015-8317\");\n script_name(\"Debian Security Advisory DSA 3430-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-23 00:00:00 +0100 (Wed, 23 Dec 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3430.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier 
versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", 
ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:21:30", "description": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", "edition": 6, "cvss3": {}, "published": "2015-12-15T21:59:00", "title": "CVE-2015-8241", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8241"], "modified": 
"2017-09-14T01:29:00", "cpe": ["cpe:/a:hp:icewall_file_manager:3.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:xmlsoft:libxml2:2.9.2", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:hp:icewall_federation_agent:3.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-8241", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.\n\"context dependent\" seems to point to MiTM attack due to: If a user or automated system were tricked into opening a specially\ncrafted document, 
an attacker could possibly cause libxml2 to crash,\nresulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04.", "edition": 4, "cvss3": {}, "published": "2015-11-18T16:59:00", "title": "CVE-2015-7941", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7941"], "modified": "2017-09-14T01:29:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:xmlsoft:libxml2:2.9.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-7941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7941", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.", "edition": 6, "cvss3": {}, "published": "2015-11-18T16:59:00", "title": "CVE-2015-7942", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7942"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:hp:icewall_file_manager:3.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:apple:tvos:9.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:apple:watchos:2.1", "cpe:/o:apple:iphone_os:9.2.1", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:xmlsoft:libxml2:2.9.2", "cpe:/o:apple:mac_os_x:10.11.3", "cpe:/a:hp:icewall_federation_agent:3.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-7942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7942", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:watchos:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:9.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:apple:iphone_os:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "aix": [{"lastseen": "2020-04-22T00:52:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Mon Feb 
22 08:06:13 CST 2016\n|Updated: Thu Aug 11 12:11:35 CDT 2016 \n|Update: Changed the iFix name for the AIX 7.1.3 fix. No changes relevant\n| to AIX 7.1.3 were made to the fix.\n\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\nhttps://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\nftp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\n\n\nSecurity Bulletin: Vulnerabilities in LibXML2 affect AIX\n CVE-2015-7941 CVE-2015-7942 CVE-2015-8241\n\n\n===============================================================================\n\nSUMMARY:\n\n There are multiple vulnerabilities in LibXML2 that impact AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2015-7941 \n DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by a\n heap-based buffer overflow in the xmlParseEntityDecl or\n xmlParseConditionalSections function. 
By using a specially-crafted XML\n data, a remote attacker could exploit this vulnerability to trigger an\n out-of-bounds read and cause the system to crash.\n CVSS Base Score: 4.3 \n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/108071 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n \n CVEID: CVE-2015-7942\n DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by a\n heap-based buffer overflow in the xmlParseConditionalSections function.\n By using a specially-crafted XML data, a remote attacker could exploit\n this vulnerability to trigger an out-of-bounds read and cause the\n system to crash.\n CVSS Base Score: 4.3\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/108073 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n CVEID: CVE-2015-8241\n DESCRIPTION: libxml2 is vulnerable to a buffer overflow, caused by\n improper bounds checking by the XML parser in xmlNextChar. 
By using a\n malformed XML file, a local attacker could overflow a buffer and\n execute arbitrary code on the system or cause the application to crash.\n CVSS Base Score: 5.9\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/108169 for more\n information.\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n \n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n -----------------------------------------------------\n bos.rte.control 5.3.12.0 5.3.12.9 key_w_fs\n bos.rte.control 6.1.9.0 6.1.9.100 key_w_fs\n bos.rte.control 7.1.3.0 7.1.3.46 key_w_fs\n bos.rte.control 7.1.4.0 7.1.4.0 key_w_fs\n bos.rte.control 7.2.0.0 7.2.0.0 key_w_fs\n \n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.rte.control\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 5.3.12 IV80617 N/A N/A key_w_apar\n 6.1.9 IV80588 5/20/16 SP7 key_w_apar\n 7.1.4 IV80586 5/20/16 SP2 key_w_apar\n 7.2.0 IV80616 5/20/16 SP2 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV80617\n http://www.ibm.com/support/docview.wss?uid=isg1IV80588\n http://www.ibm.com/support/docview.wss?uid=isg1IV80586\n http://www.ibm.com/support/docview.wss?uid=isg1IV80616\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. 
FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/libxml2_fix2.tar\n http://aix.software.ibm.com/aix/efixes/security/libxml2_fix2.tar\n https://aix.software.ibm.com/aix/efixes/security/libxml2_fix2.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 5.3.12.x IV80617s9a.160120.epkg.Z key_w_fix\n 6.1.9.x IV80588s6a.160121.epkg.Z key_w_fix\n| 7.1.3.x IV80586s1a.160713.epkg.Z key_w_fix\n 7.1.4.x IV80586s1a.160713.epkg.Z key_w_fix\n 7.2.0.x IV80616s1a.160722.epkg.Z key_w_fix\n \n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.4.0 IV80588s6a.160121.epkg.Z key_w_fix\n \n\n To extract the fixes from the tar file:\n\n tar xvf libxml2_fix2.tar\n cd libxml2_fix2\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 72045867e0660eb92ef58660f4594746d7d50643fefe72c8f8e53b77f80cdd18 IV80586s1a.160713.epkg.Z key_w_csum\n 10ebb3487e540b54cd0620cfcd23c7d8ca68b789ad8bf98c93686da239ccedee IV80588s6a.160121.epkg.Z key_w_csum\n 9a013e6a7f82459eafd6380c0f4b1bd2fc974178944ee277e6e3eeaf4c235072 IV80616s1a.160722.epkg.Z key_w_csum\n 8cff222b94a53ee6f2ddace7c6257280734c0396be5757309759d4ae2003be90 IV80617s9a.160120.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My 
Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nACKNOWLEDGEMENTS:\n\n None \n\n\nCHANGE HISTORY:\n\n First Issued: Mon Feb 22 08:06:13 CST 2016\n Updated: Fri May 27 08:25:24 CDT 2016\n Update: Fix added for AIX 7.1.3.6.\n Updated: Tue Jul 5 11:30:23 CDT 2016\n Update: Changed impacted upper level fileset for AIX 7.1.4\n from: bos.rte.control 7.1.4.1\n to: bos.rte.control 7.1.4.0\n The new upper fileset level appropriately reflects that AIX 7.1 TL4 SP2\n is not vulnerable.\n Updated: Fri Jul 22 13:11:47 CDT 2016\n Update: Changed impacted upper level fileset for AIX 7.2.0\n from: bos.rte.control 7.2.0.1\n to: bos.rte.control 7.2.0.0\n The new upper fileset level appropriately reflects that AIX 7.2 TL0 SP2\n is not vulnerable. New iFixes issued for AIX 7.1 TL4 and 7.2 TL0 with\n corrected upper level fileset checks. 
\n Updated: Thu Jul 28 09:02:05 CDT 2016\n Update: Clarified that many of the iFixes work across TLs, independent of\n SP.\n| Updated: Thu Aug 11 12:11:35 CDT 2016\n| Update: Changed the iFix name for the AIX 7.1.3 fix. No changes relevant\n| to AIX 7.1.3 were made to the fix. \n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n \n", "edition": 16, "modified": "2016-08-11T12:11:35", "published": "2016-02-22T08:06:13", "id": "LIBXML2_ADVISORY2.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc", "title": "Vulnerabilities in LibXML2 affect AIX,Vulnerabilities in LibXML2 affect VIOS", "type": "aix", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:17:45", "description": "The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. 
An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-8241)", "edition": 29, "published": "2016-02-23T00:00:00", "title": "AIX 7.1 TL 3 : libxml2 (IV80586)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-02-23T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV80586.NASL", "href": "https://www.tenable.com/plugins/nessus/88882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88882);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-7941\",\n \"CVE-2015-7942\",\n \"CVE-2015-8241\"\n );\n script_bugtraq_id(\n 74241,\n 77621,\n 79507\n );\n\n script_name(english:\"AIX 7.1 TL 3 : libxml2 (IV80586)\");\n script_summary(english:\"Checks the version of the libxml2 packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of 
libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. 
(CVE-2015-8241)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-7.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 7.1\", oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nversion_report = \"AIX \" + oslevel + \" ML \" + ml;\nif ( ml != \"03\" && ml != \"04\" )\n{\n audit(AUDIT_OS_NOT, \"ML 03/04\", version_report);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", patch:\"IV80586s1a\", package:\"bos.rte.control\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.46\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", patch:\"IV80586s1a\", package:\"bos.rte.control\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.0\") < 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.rte.control\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:17:45", "description": "The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions 
within file parser.c due to a failure to\n properly stop parsing invalid input. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-8241)", "edition": 29, "published": "2016-02-23T00:00:00", "title": "AIX 6.1 TL 9 : libxml2 (IV80588)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-02-23T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV80588.NASL", "href": "https://www.tenable.com/plugins/nessus/88883", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88883);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-7941\",\n \"CVE-2015-7942\",\n \"CVE-2015-8241\"\n );\n script_bugtraq_id(\n 74241,\n 77621,\n 79507\n );\n\n script_name(english:\"AIX 6.1 TL 9 : libxml2 (IV80588)\");\n script_summary(english:\"Checks the version of the libxml2 packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. 
(CVE-2015-8241)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-6.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 6.1\", oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nversion_report = \"AIX \" + oslevel + \" ML \" + ml;\nif ( ml != \"09\")\n{\n audit(AUDIT_OS_NOT, \"ML 09\", version_report);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", patch:\"IV80588s6a\", package:\"bos.rte.control\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.100\") < 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.rte.control\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:17:45", "description": "The remote AIX host has a version of libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. 
An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2015-8241)", "edition": 29, "published": "2016-02-23T00:00:00", "title": "AIX 5.3 TL 12 : libxml2 (IV80617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-02-23T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV80617.NASL", "href": "https://www.tenable.com/plugins/nessus/88885", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88885);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2015-7941\",\n \"CVE-2015-7942\",\n \"CVE-2015-8241\"\n );\n script_bugtraq_id(\n 74241,\n 77621,\n 79507\n );\n\n script_name(english:\"AIX 5.3 TL 12 : libxml2 (IV80617)\");\n script_summary(english:\"Checks the version of the libxml2 packages and iFixes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AIX host has a version of libxml2 installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AIX host has a version of 
libxml2 installed that is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow condition exists in the\n xmlParseEntityDecl() and xmlParseConditionalSections()\n functions within file parser.c due to a failure to\n properly stop parsing invalid input. An unauthenticated,\n remote attacker can exploit this, via specially crafted\n XML data, to cause a denial of service condition or\n potentially disclose sensitive memory contents.\n (CVE-2015-7941)\n\n - A heap-based buffer overflow condition exists in the\n xmlParseConditionalSections() function within file\n parser.c due to not properly skipping intermediary\n entities. An unauthenticated, remote attacker can\n exploit this, via specially crafted XML data, to cause a\n denial of service condition. (CVE-2015-7942)\n\n - A buffer overflow condition exists in the xmlNextChar()\n function due to improper bounds checking. A local\n attacker can exploit this, via a malformed XML file, to\n cause a denial of service condition or the execution of\n arbitrary code. 
(CVE-2015-8241)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install the appropriate interim fix.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"AIX Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item(\"Host/AIX/version\");\nif (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nif ( oslevel != \"AIX-5.3\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.3\", oslevel);\n}\n\noslevelcomplete = chomp(get_kb_item(\"Host/AIX/oslevelsp\"));\nif (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\noslevelparts = split(oslevelcomplete, sep:'-', keep:0);\nif ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, \"AIX\");\nml = oslevelparts[1];\nversion_report = \"AIX \" + oslevel + \" ML \" + ml;\nif ( ml != \"12\")\n{\n audit(AUDIT_OS_NOT, \"ML 12\", version_report);\n}\n\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This AIX package check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", patch:\"IV80617s9a\", package:\"bos.rte.control\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.9\") < 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bos.rte.control\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:18:27", "description": "The remote host is missing AIX PTF U866671, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. 
By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.", "edition": 23, "published": "2016-05-19T00:00:00", "title": "AIX 6.1 TL 9 : bos.rte.control (U866671)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-05-19T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_U866671.NASL", "href": "https://www.tenable.com/plugins/nessus/91233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U866671. 
The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91233);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\");\n\n script_name(english:\"AIX 6.1 TL 9 : bos.rte.control (U866671)\");\n script_summary(english:\"Check for PTF U866671\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U866671, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. 
By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IV80588\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", \"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"610009\", patch:\"U866671\", package:\"bos.rte.control.6.1.9.101\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:18:28", "description": "The remote host is missing AIX PTF U870330, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. 
By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.", "edition": 23, "published": "2016-05-19T00:00:00", "title": "AIX 7.2 : bos.rte.control (U870330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-05-19T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_U870330.NASL", "href": "https://www.tenable.com/plugins/nessus/91237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U870330. The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91237);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\");\n\n script_name(english:\"AIX 7.2 : bos.rte.control (U870330)\");\n script_summary(english:\"Check for PTF U870330\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U870330, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. 
By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IV80616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", \"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"720000\", patch:\"U870330\", package:\"bos.rte.control.7.2.0.1\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:18:28", "description": "The remote host is missing AIX PTF U868931, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. 
By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.", "edition": 23, "published": "2016-05-19T00:00:00", "title": "AIX 7.1 TL 4 : bos.rte.control (U868931)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2016-05-19T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_U868931.NASL", "href": "https://www.tenable.com/plugins/nessus/91234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U868931. The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91234);\n script_version(\"2.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8241\");\n\n script_name(english:\"AIX 7.1 TL 4 : bos.rte.control (U868931)\");\n script_summary(english:\"Check for PTF U868931\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U868931, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by a heap-based\nbuffer overflow in the xmlParseEntityDecl or\nxmlParseConditionalSections function. By using a specially crafted XML\ndata, a remote attacker could exploit this vulnerability to trigger an\nout-of-bounds read and cause the system to crash. Libxml2 is\nvulnerable to a denial of service, caused by a heap-based buffer\noverflow in the xmlParseConditionalSections function. 
By using a\nspecially crafted XML data, a remote attacker could exploit this\nvulnerability to trigger an out-of-bounds read and cause the system to\ncrash. libxml2 is vulnerable to a buffer overflow, caused by improper\nbounds checking by the XML parser in xmlNextChar. By using a malformed\nXML file, a local attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IV80586\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", \"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"710004\", patch:\"U868931\", package:\"bos.rte.control.7.1.4.1\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:43:41", "description": "CVE-2015-8241 Buffer overread with XML parser in xmlNextChar\n\nCVE-2015-8317\n\n - issues in the xmlParseXMLDecl function: If we fail\n converting the current input stream while processing the\n encoding declaration of the XMLDecl then it's safer to\n just abort there and not try to report further errors.\n\n - If the string is not properly terminated do not try to\n convert to the given encoding.\n\nAdditional fix for off-by-one error in previous patch for\nCVE-2015-7942 (thanks to Salvatore for spotting this)\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 15, "published": "2015-11-30T00:00:00", "title": "Debian DLA-355-1 : libxml2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8317", "CVE-2015-8241", "CVE-2015-7942"], "modified": "2015-11-30T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils"], "id": "DEBIAN_DLA-355.NASL", "href": "https://www.tenable.com/plugins/nessus/87076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-355-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87076);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8241\", \"CVE-2015-8317\");\n\n script_name(english:\"Debian DLA-355-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-8241 Buffer overread with XML parser in xmlNextChar\n\nCVE-2015-8317\n\n - issues in the xmlParseXMLDecl function: If we fail\n conversing the current input stream while processing the\n encoding declaration of the XMLDecl then it's safer to\n just abort there and not try to report further errors.\n\n - If the string is not properly terminated do not try to\n convert to the given encoding.\n\nAdditional fix for off by one error in previous patch for\nCVE-2015-7942 (thanks to Salvatore for spotting this)\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00016.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxml2\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-dbg\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-dev\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-doc\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxml2-utils\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-libxml2\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-libxml2-dbg\", reference:\"2.7.8.dfsg-2+squeeze15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:01", "description": "Update to 2.9.3 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2016-03-04T00:00:00", "title": "Fedora 23 : mingw-libxml2-2.9.3-1.fc23 (2016-189a7bf68c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libxml2", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-189A7BF68C.NASL", "href": "https://www.tenable.com/plugins/nessus/89484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-189a7bf68c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89484);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\");\n script_xref(name:\"FEDORA\", value:\"2016-189a7bf68c\");\n\n script_name(english:\"Fedora 23 : mingw-libxml2-2.9.3-1.fc23 (2016-189a7bf68c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.3 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1262853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281952\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4706f27\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"mingw-libxml2-2.9.3-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:39", "description": "Update to 2.9.3 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : mingw-libxml2-2.9.3-1.fc22 (2016-a9ee80b01d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libxml2", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-A9EE80B01D.NASL", "href": "https://www.tenable.com/plugins/nessus/89591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-a9ee80b01d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89591);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\");\n script_xref(name:\"FEDORA\", value:\"2016-a9ee80b01d\");\n\n script_name(english:\"Fedora 22 : mingw-libxml2-2.9.3-1.fc22 (2016-a9ee80b01d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.3 which fixes various CVE's\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1262853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1274225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1281952\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1623b0cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"mingw-libxml2-2.9.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:29:13", "description": "Florian Weimer discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause resource\nconsumption, resulting in a denial of service. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04.\n(CVE-2015-1819)\n\nMichal Zalewski discovered that libxml2 incorrectly handled certain\nXML data. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service. 
This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nXML data. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-7942)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS. (CVE-2015-8035).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-11-17T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libxml2 vulnerabilities (USN-2812-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7941", "CVE-2015-1819", "CVE-2015-7942", "CVE-2015-8035"], "modified": "2015-11-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:libxml2", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2812-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86897);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\");\n script_xref(name:\"USN\", value:\"2812-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libxml2 vulnerabilities (USN-2812-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Florian Weimer discovered that libxml2 incorrectly handled certain XML\ndata. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause resource\nconsumption, resulting in a denial of service. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04.\n(CVE-2015-1819)\n\nMichal Zalewski discovered that libxml2 incorrectly handled certain\nXML data. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain\nXML data. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2015-7942)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain XML\ndata. 
If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could possibly cause libxml2\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS. (CVE-2015-8035).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2812-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, 
Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-5.1ubuntu4.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"libxml2\", pkgver:\"2.9.2+dfsg1-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libxml2\", pkgver:\"2.9.2+zdfsg1-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:21:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8317", "CVE-2015-8241", "CVE-2015-7942"], "description": 
"Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze15\nCVE ID : CVE-2015-8241 CVE-2015-8317\nDebian Bug : 806384\n\nCVE-2015-8241\n Buffer overread with XML parser in xmlNextChar\n\nCVE-2015-8317\n - issues in the xmlParseXMLDecl function:\n If we fail conversing the current input stream while\n processing the encoding declaration of the XMLDecl\n then it's safer to just abort there and not try to\n report further errors.\n - If the string is not properly terminated do not try to convert\n to the given encoding.\n\nAdditional fix for off by one error in previous patch for CVE-2015-7942\n(thanks to Salvatore for spotting this)\n\n", "edition": 7, "modified": "2015-11-29T23:00:36", "published": "2015-11-29T23:00:36", "id": "DEBIAN:DLA-355-1:F71E7", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201511/msg00016.html", "title": "[SECURITY] [DLA 355-1] libxml2 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:03:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942", "CVE-2015-8035"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3430-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 \n CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942\n CVE-2015-8035 CVE-2015-8241 CVE-2015-8317\nDebian Bug : 782782 782985 783010 802827 803942 806384\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. 
A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 13, "modified": "2015-12-23T13:19:37", "published": "2015-12-23T13:19:37", "id": "DEBIAN:DSA-3430-1:A974A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00337.html", "title": "[SECURITY] [DSA 3430-1] libxml2 security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-11T13:12:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7942"], "description": "Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze13\nCVE ID : CVE-2015-7942\nDebian Bug : 802827\n\nCrafted xml causes out of bound memory access. 
heap-buffer-overflow in \nxmlParseConditionalSections.\n\n", "edition": 9, "modified": "2015-10-25T17:15:30", "published": "2015-10-25T17:15:30", "id": "DEBIAN:DLA-334-1:C1669", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201510/msg00012.html", "title": "[SECURITY] [DLA 334-1] libxml2 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035"], "description": "MinGW Windows libxml2 XML processing library. ", "modified": "2016-02-17T04:02:04", "published": "2016-02-17T04:02:04", "id": "FEDORA:473D96090BE2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035"], "description": "MinGW Windows libxml2 XML processing library. ", "modified": "2016-02-17T04:26:04", "published": "2016-02-17T04:26:04", "id": "FEDORA:8FB206094351", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1819", "CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035", "CVE-2015-8242"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. 
In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2015-11-26T21:01:32", "published": "2015-11-26T21:01:32", "id": "FEDORA:4959A6092042", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1819", "CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035", "CVE-2015-8242"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2015-11-30T23:26:43", "published": "2015-11-30T23:26:43", "id": "FEDORA:454A0601DA33", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7941", "CVE-2015-1819", "CVE-2015-7942", "CVE-2015-8035"], "description": "Florian Weimer discovered that libxml2 incorrectly handled certain XML \ndata. If a user or automated system were tricked into opening a specially \ncrafted document, an attacker could possibly cause resource consumption, \nresulting in a denial of service. 
This issue only affected \nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819)\n\nMichal Zalewski discovered that libxml2 incorrectly handled certain XML \ndata. If a user or automated system were tricked into opening a specially \ncrafted document, an attacker could possibly cause libxml2 to crash, \nresulting in a denial of service. This issue only affected \nUbuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941)\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain XML \ndata. If a user or automated system were tricked into opening a specially \ncrafted document, an attacker could possibly cause libxml2 to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7942)\n\nGustavo Grieco discovered that libxml2 incorrectly handled certain XML \ndata. If a user or automated system were tricked into opening a specially \ncrafted document, an attacker could possibly cause libxml2 to crash, \nresulting in a denial of service. This issue only affected \nUbuntu 14.04 LTS. (CVE-2015-8035)", "edition": 5, "modified": "2015-11-16T00:00:00", "published": "2015-11-16T00:00:00", "id": "USN-2812-1", "href": "https://ubuntu.com/security/notices/USN-2812-1", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499"], "description": "Kostya Serebryany discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could possibly cause \nlibxml2 to crash, resulting in a denial of service. 
(CVE-2015-5312, \nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500)\n\nHugh Davenport discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could possibly cause \nlibxml2 to crash, resulting in a denial of service. (CVE-2015-8241, \nCVE-2015-8242)\n\nHanno Boeck discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could possibly cause \nlibxml2 to crash, resulting in a denial of service. This issue only applied \nto Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317)", "edition": 5, "modified": "2015-12-14T00:00:00", "published": "2015-12-14T00:00:00", "id": "USN-2834-1", "href": "https://ubuntu.com/security/notices/USN-2834-1", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2015-7942"], "description": "[2.7.6-20.0.1]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-20.1]\n- Fix a series of CVEs (rhbz#1286495)\n- CVE-2015-7941 Cleanup conditional section error handling\n- CVE-2015-8317 Fail parsing early on if encoding conversion failed\n- CVE-2015-7942 Another variation of overflow in Conditional sections\n- CVE-2015-7942 Fix an error in previous Conditional section patch\n- Fix parsing short unclosed comment uninitialized access\n- CVE-2015-7498 Avoid processing entities after encoding conversion failures\n- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey\n- CVE-2015-5312 Another entity expansion 
issue\n- CVE-2015-7499 Add xmlHaltParser() to stop the parser\n- CVE-2015-7499 Detect incoherency on GROW\n- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries\n- CVE-2015-8242 Buffer overead with HTML parser in push mode\n- Libxml violates the zlib interface and crashes", "edition": 4, "modified": "2015-12-07T00:00:00", "published": "2015-12-07T00:00:00", "id": "ELSA-2015-2549", "href": "http://linux.oracle.com/errata/ELSA-2015-2549.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2014-0191", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2014-3660", "CVE-2015-7942"], "description": "[2.9.1-6.0.1.el7_1.2]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.9.1-6.2]\n- Fix a series of CVEs (rhbz#1286496)\n- CVE-2015-7941 Stop parsing on entities boundaries errors\n- CVE-2015-7941 Cleanup conditional section error handling\n- CVE-2015-8317 Fail parsing early on if encoding conversion failed\n- CVE-2015-7942 Another variation of overflow in Conditional sections\n- CVE-2015-7942 Fix an error in previous Conditional section patch\n- Fix parsing short unclosed comment uninitialized access\n- CVE-2015-7498 Avoid processing entities after encoding conversion failures\n- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey\n- CVE-2015-5312 Another entity expansion issue\n- CVE-2015-7499 Add xmlHaltParser() to stop the parser\n- CVE-2015-7499 Detect incoherency on GROW\n- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries\n- CVE-2015-8242 Buffer overead with HTML parser in push mode\n- CVE-2015-1819 Enforce the reader to run in constant memory\n[2.9.1-6]\n- Fix missing 
entities after CVE-2014-3660 fix\n- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)\n- Fix regressions introduced by CVE-2014-0191 patch\n[2.9.1-5.1]\n- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)", "edition": 4, "modified": "2015-12-07T00:00:00", "published": "2015-12-07T00:00:00", "id": "ELSA-2015-2550", "href": "http://linux.oracle.com/errata/ELSA-2015-2550.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2015-7942"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2549\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. (CVE-2015-5312, CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942,\nCVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. 
Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/033554.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2549.html", "edition": 3, "modified": "2015-12-07T13:26:33", "published": "2015-12-07T13:26:33", "href": "http://lists.centos.org/pipermail/centos-announce/2015-December/033554.html", "id": "CESA-2015:2549", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:25:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-8710", "CVE-2015-7942"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2550\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. 
(CVE-2015-1819, CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,\nCVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,\nBZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.\nThe CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/008930.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2550.html", "edition": 5, "modified": "2015-12-07T20:38:05", "published": "2015-12-07T20:38:05", "id": "CESA-2015:2550", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/008930.html", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8241", "CVE-2015-8242", "CVE-2015-8317"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a 
library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. (CVE-2015-5312, CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942,\nCVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:06", "published": "2015-12-07T05:00:00", "id": "RHSA-2015:2549", "href": "https://access.redhat.com/errata/RHSA-2015:2549", "type": "redhat", "title": "(RHSA-2015:2549) Moderate: libxml2 security update", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T13:33:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1819", "CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8241", "CVE-2015-8242", "CVE-2015-8317", "CVE-2015-8710"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,\nCVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,\nBZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. 
Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.\nThe CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat\nProduct Security.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "modified": "2018-04-12T03:33:03", "published": "2015-12-07T15:04:33", "id": "RHSA-2015:2550", "href": "https://access.redhat.com/errata/RHSA-2015:2550", "type": "redhat", "title": "(RHSA-2015:2550) Moderate: libxml2 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499", "CVE-2015-7942", "CVE-2015-8035"], "description": "\nreports:\n\nCVE-2015-5312 Another entity expansion issue (David Drysdale).\nCVE-2015-7497 Avoid an heap buffer overflow in\n\t xmlDictComputeFastQKey (David Drysdale).\nCVE-2015-7498 Avoid processing entities after encoding\n\t conversion failures (Daniel Veillard).\nCVE-2015-7499 (1) Add xmlHaltParser() to stop the parser\n\t (Daniel Veillard).\nCVE-2015-7499 (2) Detect incoherency on GROW (Daniel\n\t Veillard).\nCVE-2015-7500 Fix memory access error due to incorrect\n\t entities boundaries (Daniel Veillard).\nCVE-2015-7941 (1) Stop parsing on entities boundaries\n\t errors (Daniel Veillard).\nCVE-2015-7941 (2) Cleanup conditional section error\n\t handling (Daniel Veillard).\nCVE-2015-7942 Another variation of overflow in\n\t Conditional sections (Daniel Veillard).\nCVE-2015-7942 (2) Fix an error in previous 
Conditional\n\t section patch (Daniel Veillard).\nCVE-2015-8035 Fix XZ compression support loop\n\t (Daniel Veillard).\nCVE-2015-8242 Buffer overead with HTML parser in push\n\t mode (Hugh Davenport)\n\n", "edition": 5, "modified": "2015-11-20T00:00:00", "published": "2015-11-20T00:00:00", "id": "E5423CAF-8FB8-11E5-918C-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/e5423caf-8fb8-11e5-918c-bcaec565249c.html", "title": "libxml2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942"], "description": "**Issue Overview:**\n\nA denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.\n\nThe xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than [CVE-2015-7941 __](<https://access.redhat.com/security/cve/CVE-2015-7941>).\n\nlibxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.\n\nA heap-based buffer overflow vulnerability was found in xmlDictComputeFastQKey in dict.c.\n\nA heap-based buffer overflow read in xmlParseMisc was found.\n\nA 
heap-based buffer overflow was found in xmlGROW allowing the attacker to read the memory out of bounds.\n\nA buffer overread in xmlNextChar was found, causing segmentation fault when compiled with ASAN.\n\nHeap-based buffer overflow was found in xmlParseXmlDecl. When conversion failure happens, parser continues to extract more errors which may lead to unexpected behaviour.\n\nStack-based buffer overread vulnerability with HTML parser in push mode in xmlSAX2TextNode causing segmentation fault when compiled with ASAN.\n\nA vulnerability in libxml2 was found causing DoS by exhausting CPU when parsing specially crafted XML document.\n\nAn out-of-bounds heap read in xmlParseXMLDecl happens when a file containing unfinished xml declaration.\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libxml2-2.9.1-6.2.50.amzn1.i686 \n libxml2-debuginfo-2.9.1-6.2.50.amzn1.i686 \n libxml2-python26-2.9.1-6.2.50.amzn1.i686 \n libxml2-python27-2.9.1-6.2.50.amzn1.i686 \n libxml2-devel-2.9.1-6.2.50.amzn1.i686 \n libxml2-static-2.9.1-6.2.50.amzn1.i686 \n \n src: \n libxml2-2.9.1-6.2.50.amzn1.src \n \n x86_64: \n libxml2-static-2.9.1-6.2.50.amzn1.x86_64 \n libxml2-python27-2.9.1-6.2.50.amzn1.x86_64 \n libxml2-debuginfo-2.9.1-6.2.50.amzn1.x86_64 \n libxml2-2.9.1-6.2.50.amzn1.x86_64 \n libxml2-python26-2.9.1-6.2.50.amzn1.x86_64 \n libxml2-devel-2.9.1-6.2.50.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2015-12-14T10:00:00", "published": "2015-12-14T10:00:00", "id": "ALAS-2015-628", "href": "https://alas.aws.amazon.com/ALAS-2015-628.html", "title": "Medium: libxml2", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:36:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", 
"CVE-2015-7499", "CVE-2015-8710", "CVE-2015-7942"], "description": "**Issue Overview:**\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.([CVE-2015-8242 __](<https://access.redhat.com/security/cve/CVE-2015-8242>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.([CVE-2015-7500 __](<https://access.redhat.com/security/cve/CVE-2015-7500>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.([CVE-2015-8317 __](<https://access.redhat.com/security/cve/CVE-2015-8317>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.([CVE-2015-7497 __](<https://access.redhat.com/security/cve/CVE-2015-7497>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.([CVE-2015-7498 __](<https://access.redhat.com/security/cve/CVE-2015-7498>))\n\nA denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.([CVE-2015-1819 __](<https://access.redhat.com/security/cve/CVE-2015-1819>))\n\nA denial of service flaw was found in libxml2. 
A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.([CVE-2015-7941 __](<https://access.redhat.com/security/cve/CVE-2015-7941>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.([CVE-2015-7499 __](<https://access.redhat.com/security/cve/CVE-2015-7499>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.([CVE-2015-8241 __](<https://access.redhat.com/security/cve/CVE-2015-8241>))\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU.([CVE-2015-5312 __](<https://access.redhat.com/security/cve/CVE-2015-5312>))\n\nA heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service.([CVE-2015-7942 __](<https://access.redhat.com/security/cve/CVE-2015-7942>))\n\nIt was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. 
A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.([CVE-2015-8710 __](<https://access.redhat.com/security/cve/CVE-2015-8710>))\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n libxml2-2.9.1-6.amzn2.3.2.aarch64 \n libxml2-devel-2.9.1-6.amzn2.3.2.aarch64 \n libxml2-static-2.9.1-6.amzn2.3.2.aarch64 \n libxml2-python-2.9.1-6.amzn2.3.2.aarch64 \n libxml2-debuginfo-2.9.1-6.amzn2.3.2.aarch64 \n \n i686: \n libxml2-2.9.1-6.amzn2.3.2.i686 \n libxml2-devel-2.9.1-6.amzn2.3.2.i686 \n libxml2-static-2.9.1-6.amzn2.3.2.i686 \n libxml2-python-2.9.1-6.amzn2.3.2.i686 \n libxml2-debuginfo-2.9.1-6.amzn2.3.2.i686 \n \n src: \n libxml2-2.9.1-6.amzn2.3.2.src \n \n x86_64: \n libxml2-2.9.1-6.amzn2.3.2.x86_64 \n libxml2-devel-2.9.1-6.amzn2.3.2.x86_64 \n libxml2-static-2.9.1-6.amzn2.3.2.x86_64 \n libxml2-python-2.9.1-6.amzn2.3.2.x86_64 \n libxml2-debuginfo-2.9.1-6.amzn2.3.2.x86_64 \n \n \n", "edition": 1, "modified": "2019-05-29T19:14:00", "published": "2019-05-29T19:14:00", "id": "ALAS2-2019-1220", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1220.html", "title": "Medium: libxml2", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-7498", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-7942", "CVE-2015-8035"], "description": "- CVE-2015-1819 (denial of service)\n\nA denial of service flaw was found in the way the libxml2 library parsed\ncertain XML files. 
An attacker could provide a specially crafted XML\nfile that, when parsed by an application using libxml2, could cause that\napplication to use an excessive amount of memory.\n\n- CVE-2015-5312 (denial of service)\n\nA denial of service flaw was found that is leading to CPU exhaustion\nwhen processing specially crafted XML input. The issue was within\ndetecting entities expansions in certain situations.\n\n- CVE-2015-7941 (denial of service)\n\nIt has been discovered that libxml2 does not properly stop parsing\ninvalid input, which allows context-dependent attackers to cause a\ndenial of service (out-of-bounds read and libxml2 crash) via crafted XML\ndata to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections\nfunction in parser.c, as demonstrated by non-terminated entities.\n\n- CVE-2015-7942 (denial of service)\n\nThe xmlParseConditionalSections function in parser.c in libxml2 does not\nproperly skip intermediary entities when it stops parsing invalid input,\nwhich allows context-dependent attackers to cause a denial of service\n(out-of-bounds read and crash) via crafted XML data.\n\n- CVE-2015-7497 (buffer overflow)\n\nA heap-based buffer overflow has been discovered in\nxmlDictComputeFastQKey. It was possible to hit a negative offset in the\nname indexing used to randomize the dictionary key generation.\n\n- CVE-2015-7498 (buffer overflow)\n\nA Heap-based buffer overflow was found in xmlParseXmlDecl. 
When\nconversion failure happens, parser continues to extract more errors\nwhich may lead to unexpected behavior.\n\n- CVE-2015-7499 (buffer overflow)\n\nA heap-based buffer overflow was found in xmlGROW allowing the attacker\nto read the memory out of bounds.\n\n- CVE-2015-7500 (buffer overflow)\n\nA Heap-based buffer overflow has been discovered in xmlParseMisc when\nnot properly handling the case where the parser popped out of the\ncurrent entity while processing a start tag.\n\n- CVE-2015-8035 (denial of service)\n\nA denial of service vulnerability has been discovered when parsing\nspecially crafted XML document while XZ support is enabled. The\nxz_decomp function in xzlib.c did not properly detect compression\nerrors, which allows context-dependent attackers to cause a denial of\nservice (process hang) via crafted XML data.\n\n- CVE-2015-8242 (buffer overflow)\n\nA stack buffer overflow has been discovered in push mode in\nxmlSAX2TextNode. It is possible to have an input cause out of bounds\nmemory to be returned to userspace through the use of libxml2, which\ncould be used to cause denial of service attacks, or gain sensitive\ninformation.", "modified": "2015-12-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "ASA-201512-6", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html", "type": "archlinux", "title": "libxml2: multiple issues", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "software", "cvelist": ["CVE-2015-7497", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-7499"], "description": "USN-2834-1 libxml2 vulnerability\n\n# \n\nMedium\n\n# Vendor\n\nlibxml2\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nKostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. 
If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500)\n\nHugh Davenport discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8241, CVE-2015-8242)\n\nHanno Boeck discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317)\n\nThe Cloud Foundry project released a BOSH stemcell version 3146.1 and 3155 that has the patched version of the Linux kernel. A new Cloud Foundry rootfs was also released, cflinuxfs2 v.1.22.0, that has the patches.\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry BOSH stemcells prior to 3155 are vulnerable, besides patched versions of 3146.x. \n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.22.0. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3155 or later versions, or patched 3146.x versions, and cflinuxfs2 v.1.22.0 or later versions. 
\n\n# Credit\n\nKostya Serebryany, Hugh Davenport, Hanno Boeck\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2834-1>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2016-01-07T00:00:00", "published": "2016-01-07T00:00:00", "id": "CFOUNDRY:1EC71DA3FB8309BFA0C5B2A494033370", "href": "https://www.cloudfoundry.org/blog/usn-2834-1/", "title": "USN-2834-1 libxml2 vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2015-8776", "CVE-2015-3197", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2016-0705", "CVE-2015-5312", "CVE-2015-3195", "CVE-2016-0798", "CVE-2016-0799", "CVE-2015-3194", "CVE-2016-0797", "CVE-2016-0702", "CVE-2015-8777", "CVE-2015-3196", "CVE-2015-8779", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2015-0293", "CVE-2015-8778", "CVE-2015-8710", "CVE-2016-0800", "CVE-2016-0704", "CVE-2014-9761", "CVE-2016-0703", "CVE-2015-7942", "CVE-2015-7547", "CVE-2015-8035"], "description": "This update for sles12-docker-image fixes issues with binaries and\n libraries included in the image where security updates have been made\n available in the last weeks.\n\n glibc security issues fixed:\n - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed\n remote attackers to cause a crash or execute arbitrary code via crafted\n and timed DNS responses (bsc#961721)\n - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment\n variable allowed local attackers to bypass the pointer guarding\n protection of the dynamic loader on set-user-ID and set-group-ID\n programs (bsc#950944)\n - CVE-2015-8776: Out-of-range time values passed to the strftime function\n may cause it to crash, leading to a denial of service, or potentially\n disclosure information 
(bsc#962736)\n - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have\n caused an out-of-bound memory access. leading to application crashes or,\n potentially, arbitrary code execution (bsc#962737)\n - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused\n applications which process long strings with the nan function to crash\n or, potentially, execute arbitrary code. (bsc#962738)\n - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen\n function could have caused applications which pass long strings to the\n catopen function to crash or, potentially execute arbitrary code.\n (bsc#962739)\n\n glibc bugs fixed:\n - bsc#955647: Resource leak in resolver\n - bsc#956716: Don't do lock elision on an error checking mutex\n - bsc#958315: Reinitialize dl_load_write_lock on fork\n\n openssl security bugs fixed: Security issues fixed:\n - CVE-2016-0800 aka the "DROWN" attack (bsc#968046): OpenSSL was\n vulnerable to a cross-protocol attack that could lead to decryption of\n TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites\n as a Bleichenbacher RSA padding oracle.\n\n This update changes the openssl library to:\n\n * Disable SSLv2 protocol support by default.\n\n This can be overridden by setting the environment variable\n "OPENSSL_ALLOW_SSL2" or by using SSL_CTX_clear_options using the\n SSL_OP_NO_SSLv2 flag.\n\n Note that various services and clients had already disabled SSL\n protocol 2 by default previously.\n\n * Disable all weak EXPORT ciphers by default. These can be reenabled if\n required by old legacy software using the environment variable\n "OPENSSL_ALLOW_EXPORT".\n\n - CVE-2016-0702 aka the "CacheBleed" attack. 
(bsc#968050) Various changes\n in the modular exponentiation code were added that make sure that it is\n not possible to recover RSA secret keys by analyzing cache-bank\n conflicts on the Intel Sandy-Bridge microarchitecture.\n\n Note that this was only exploitable if the malicious code was running\n on the same hyper threaded Intel Sandy Bridge processor as the victim\n thread performing decryptions.\n\n - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser\n code was fixed that could be abused to facilitate a denial-of-service\n attack.\n\n - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions\n had a bug that could result in an attempt to de-reference a NULL pointer\n leading to crashes. This could have security consequences if these\n functions were ever called by user applications with large untrusted\n hex/decimal data. Also, internal usage of these functions in OpenSSL\n uses data from config files\n or application command line arguments. If user developed applications\n generated config file data based on untrusted data, then this could\n have had security consequences as well.\n\n - CVE-2016-0798 (bnc#968265) The SRP user database lookup method\n SRP_VBASE_get_by_user() had a memory leak that attackers could abuse to\n facilitate DoS attacks. To mitigate the issue, the seed handling in\n SRP_VBASE_get_by_user() was disabled even if the user has configured a\n seed. Applications are advised to migrate to SRP_VBASE_get1_by_user().\n\n - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr()\n and doapr_outch() functions could miscalculate the length of a string\n and attempt to access out-of-bounds memory locations. These problems\n could have enabled attacks where large amounts of untrusted data is\n passed to the BIO_*printf functions. If applications use these functions\n in this way then they could have been vulnerable. 
OpenSSL itself uses\n these functions when printing out human-readable dumps of ASN.1 data.\n Therefore applications that print this data could have been vulnerable\n if the data is from untrusted sources. OpenSSL command line applications\n could also have been vulnerable when they print out ASN.1 data, or if\n untrusted data is passed as command line arguments. Libssl is not\n considered directly vulnerable.\n\n - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled\n ciphers.\n\n Note that the March 1st 2016 release also references following CVEs that\n were fixed by us with CVE-2015-0293 in 2015:\n\n - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL\n prior to March 19th 2015 at which time the code was refactored to\n address vulnerability CVE-2015-0293. It would have made the above\n "DROWN" attack much easier.\n - CVE-2016-0704 (bsc#968053): "Bleichenbacher oracle in SSLv2" This issue\n only affected versions of OpenSSL prior to March 19th 2015 at which time\n the code was refactored to address vulnerability CVE-2015-0293. It would\n have made the above "DROWN" attack much easier.\n\n - CVE-2015-3194: The signature verification routines will crash with a\n NULL pointer dereference if presented with an ASN.1 signature using the\n RSA PSS algorithm and absent mask generation function parameter. Since\n these routines are used to verify certificate signature algorithms this\n can be used to crash any certificate verification operation and\n exploited in a DoS attack. Any application which performs certificate\n verification is vulnerable including OpenSSL clients and servers which\n enable client authentication. (bsc#957815)\n - CVE-2015-3195: When presented with a malformed X509_ATTRIBUTE structure\n OpenSSL would leak memory. This structure is used by the PKCS#7 and CMS\n routines so any application which reads PKCS#7 or CMS data from\n untrusted sources is affected. SSL/TLS is not affected. 
(bsc#957812)\n - CVE-2015-3196: If PSK identity hints are received by a multi-threaded\n client then the values were wrongly updated in the parent SSL_CTX\n structure. This could result in a race condition potentially leading to\n a double free of the identity hint data. (bsc#957813)\n\n openssl bugs fixed:\n - Avoid running OPENSSL_config twice. This avoids breaking engine loading.\n (bsc#952871)\n - Ensure that OpenSSL doesn't fall back to the default digest algorithm\n (SHA1) in case a non-FIPS algorithm was negotiated while running in FIPS\n mode. Instead, OpenSSL will refuse the digest. (bnc#958501)\n - Clear the error after setting non-fips mode (bsc#947104)\n - Improve S/390 performance on IBM z196 and z13 (bsc#954256)\n - Add support for "ciphers" providing no encryption (bsc#937085)\n\n libxml2 security issues fixed:\n - CVE-2015-8710: Parsing short unclosed HTML comment could cause\n uninitialized memory access, which allowed remote attackers to read\n contents from previous HTTP requests depending on the application\n [bsc#960674]\n - CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]\n - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping\n parsing on entities boundaries errors [bnc#951734]\n - CVE-2015-7942 Fix another variation of overflow in Conditional sections\n [bnc#951735]\n - CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]\n - CVE-2015-8242 Buffer overread with HTML parser in push mode [bnc#956021]\n - CVE-2015-8317 Return if the encoding declaration is broken or encoding\n conversion failed [bnc#956260]\n - CVE-2015-5312 Fix another entity expansion issue [bnc#957105]\n - CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey\n [bnc#957106]\n - CVE-2015-7498 Processes entities after encoding conversion failures\n [bnc#957107]\n - CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect\n incoherency on GROW [bnc#957109]\n - CVE-2015-8317 Multiple out-of-bound 
read could lead to denial of service\n [bnc#956260]\n - CVE-2015-8035 DoS when parsing specially crafted XML document if XZ\n support is enabled [bnc#954429]\n - CVE-2015-7500 Fix memory access error due to incorrect entities\n boundaries [bnc#957110]\n\n And other security and non-security updates found in the SUSE Linux\n Enterprise 12 GA line.\n\n", "edition": 1, "modified": "2016-03-16T15:28:52", "published": "2016-03-16T15:28:52", "id": "SUSE-SU-2016:0786-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00055.html", "type": "suse", "title": "Security update for sles12-docker-image (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-01-16T22:59:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2016-3705", "CVE-2016-1840", "CVE-2016-1836", "CVE-2015-7498", "CVE-2015-5312", "CVE-2016-3627", "CVE-2016-4483", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1838", "CVE-2016-5131", "CVE-2016-1839", "CVE-2015-8806", "CVE-2016-2073", "CVE-2016-4658", "CVE-2015-7942", "CVE-2015-8035"], "edition": 1, "description": "### Background\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user or automated system to process a specially crafted XML document, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.9.4-r1\"", "modified": "2017-01-16T00:00:00", "published": "2017-01-16T00:00:00", "href": "https://security.gentoo.org/glsa/201701-37", "id": "GLSA-201701-37", "title": "libxml2: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "apple": [{"lastseen": "2020-12-24T20:43:34", "bulletinFamily": "software", "cvelist": ["CVE-2015-8659", "CVE-2016-1783", "CVE-2015-5312", "CVE-2016-1762", "CVE-2016-1752", "CVE-2016-1740", "CVE-2016-1775", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1754", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2016-0801", "CVE-2016-1755", "CVE-2016-1751", "CVE-2016-1784", "CVE-2016-1753", "CVE-2015-7942", "CVE-2015-8035"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## tvOS 9.2\n\n * **FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. 
These were addressed by updating nghttp2 to version 1.6.0.\n\nCVE-ID\n\nCVE-2015-8659\n\n * **IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1748 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-ID\n\nCVE-2016-1750 : CESG\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple integer overflows were addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to bypass code signing\n\nDescription: A permissions issue existed in which execute permission was incorrectly granted. 
This issue was addressed through improved permission validation.\n\nCVE-ID\n\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\n * **Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1752 : CESG\n\n * **libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-1819\n\nCVE-2015-5312 : David Drysdale of Google\n\nCVE-2015-7499\n\nCVE-2015-7500 : Kostya Serebryany of Google\n\nCVE-2015-7942 : Kostya Serebryany of Google\n\nCVE-2015-8035 : gustavo.grieco\n\nCVE-2015-8242 : Hugh Davenport\n\nCVE-2016-1762\n\n * **Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\n * **TrueTypeScaler**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. 
This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1783 : Mihai Parparita of Google\n\n * **WebKit History**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of \u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\n * **Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker with a privileged network position may be able to execute arbitrary code\n\nDescription: A frame validation and memory corruption issue existed for a given ethertype. 
This issue was addressed through additional ethertype validation and improved memory handling.\n\nCVE-ID\n\nCVE-2016-0801 : an anonymous researcher\n\nCVE-2016-0802 : an anonymous researcher\n", "edition": 2, "modified": "2017-01-23T03:54:34", "published": "2017-01-23T03:54:34", "id": "APPLE:HT206169", "href": "https://support.apple.com/kb/HT206169", "title": "About the security content of tvOS 9.2 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:05", "bulletinFamily": "software", "cvelist": ["CVE-2016-1725", "CVE-2015-8659", "CVE-2015-5312", "CVE-2016-1761", "CVE-2016-1762", "CVE-2016-1722", "CVE-2016-1752", "CVE-2016-1720", "CVE-2016-1727", "CVE-2016-1740", "CVE-2016-1775", "CVE-2016-1723", "CVE-2016-1726", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1721", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1724", "CVE-2016-1754", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2016-1717", "CVE-2016-0801", "CVE-2016-1755", "CVE-2016-1751", "CVE-2016-1719", "CVE-2016-1753", "CVE-2015-7995", "CVE-2016-1788", "CVE-2015-7942", "CVE-2015-8035"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## watchOS 2.2\n\n * **Disk Images**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team\n\n * **FontParser**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **HTTPProtocol**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. 
These were addressed by updating nghttp2 to version 1.6.0.\n\nCVE-ID\n\nCVE-2015-8659\n\n * **IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1719 : Ian Beer of Google Project Zero\n\n * **IOHIDFamily**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1748 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1720 : Ian Beer of Google Project Zero\n\nCVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro\n\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-ID\n\nCVE-2016-1750 : CESG\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple integer overflows were addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's 
Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to bypass code signing\n\nDescription: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.\n\nCVE-ID\n\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\n * **Kernel**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1752 : CESG\n\n * **libxml2**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-1819\n\nCVE-2015-5312 : David Drysdale of Google\n\nCVE-2015-7499\n\nCVE-2015-7500 : Kostya Serebryany of Google\n\nCVE-2015-7942 : Kostya Serebryany of Google\n\nCVE-2015-8035 : gustavo.grieco\n\nCVE-2015-8242 : Hugh Davenport\n\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1762\n\n * **libxslt**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-7995 : puzzor \n\n * **Messages**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and 
record encrypted attachment-type messages may be able to read attachments\n\nDescription: A cryptographic issue was addressed by rejecting duplicate messages on the client.\n\nCVE-ID\n\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University\n\n * **Security**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\n * **syslog**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs\n\n * **TrueTypeScaler**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. 
This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **WebKit**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1723 : Apple\n\nCVE-2016-1724 : Apple\n\nCVE-2016-1725 : Apple\n\nCVE-2016-1726 : Apple\n\nCVE-2016-1727 : Apple\n\n * **Wi-Fi**\n\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes\n\nImpact: An attacker with a privileged network position may be able to execute arbitrary code\n\nDescription: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.\n\nCVE-ID\n\nCVE-2016-0801 : an anonymous researcher\n\nCVE-2016-0802 : an anonymous researcher\n", "edition": 2, "modified": "2017-01-23T03:54:34", "published": "2017-01-23T03:54:34", "id": "APPLE:HT206168", "href": "https://support.apple.com/kb/HT206168", "title": "About the security content of watchOS 2.2 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:47", "bulletinFamily": "software", "cvelist": ["CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1760", "CVE-2016-1766", "CVE-2016-1783", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1864", "CVE-2016-1782", "CVE-2016-1761", "CVE-2016-1762", "CVE-2016-1781", "CVE-2016-1756", "CVE-2016-1785", "CVE-2016-1752", "CVE-2016-1740", "CVE-2016-1775", "CVE-2016-1763", "CVE-2015-7500", "CVE-2016-0802", "CVE-2016-1779", "CVE-2015-8242", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1780", "CVE-2016-1754", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2016-0801", 
"CVE-2016-1755", "CVE-2016-1778", "CVE-2016-1751", "CVE-2016-1784", "CVE-2016-1753", "CVE-2016-1788", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-1786"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## iOS 9.3\n\n * **AppleUSBNetworking**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: An error handling issue existed in packet validation. 
This issue was addressed through improved error handling.\n\nCVE-ID\n\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\n * **FontParser**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **HTTPProtocol**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.\n\nCVE-ID\n\nCVE-2015-8659\n\n * **IOHIDFamily**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1748 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1752 : CESG\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-ID\n\nCVE-2016-1750 : CESG\n\n * **Kernel**\n\nAvailable for: iPhone 4s 
and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple integer overflows were addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to bypass code signing\n\nDescription: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.\n\nCVE-ID\n\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition existed during the creation of new processes. 
This was addressed through improved state handling.\n\nCVE-ID\n\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vila\u00e7a\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\n * **Kernel**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1758 : Brandon Azad\n\n * **LaunchServices**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An application may be able to modify events from other applications\n\nDescription: An event handler validation issue existed in the XPC Services API. 
This issue was addressed through improved message validation.\n\nCVE-ID\n\nCVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team\n\n * **libxml2**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-1819\n\nCVE-2015-5312 : David Drysdale of Google\n\nCVE-2015-7499\n\nCVE-2015-7500 : Kostya Serebryany of Google\n\nCVE-2015-7942 : Kostya Serebryany of Google\n\nCVE-2015-8035 : gustavo.grieco\n\nCVE-2015-8242 : Hugh Davenport\n\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1762\n\n * **Messages**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may auto-fill text into other Message threads\n\nDescription: An issue existed in the parsing of SMS URLs. This issue was addressed through improved URL validation.\n\nCVE-ID\n\nCVE-2016-1763 : CityTog\n\n * **Messages**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments\n\nDescription: A cryptographic issue was addressed by rejecting duplicate messages on the client.\n\nCVE-ID\n\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University\n\n * **Profiles**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An untrusted MDM profile may be incorrectly displayed as verified\n\nDescription: A certificate validation issue existed in MDM profiles. 
This was addressed through additional checks.\n\nCVE-ID\n\nCVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Security**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\n * **TrueTypeScaler**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) and Yang Zhao of CM Security\n\nCVE-2016-1783 : Mihai Parparita of Google\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A website may be able to track sensitive user information\n\nDescription: An issue existed in the handling of attachment URLs. 
This issue was addressed through improved URL handling.\n\nCVE-ID\n\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A website may be able to track sensitive user information\n\nDescription: A hidden web page may be able to access device-orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden.\n\nCVE-ID\n\nCVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a maliciously crafted website may reveal a user's current location\n\nDescription: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.\n\nCVE-ID\n\nCVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed through additional port validation.\n\nCVE-ID\n\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.\n\n * **WebKit**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Opening a maliciously crafted URL may lead to the disclosure of sensitive user information\n\nDescription: An issue existed in URL redirection when XSS auditor was used in block mode. 
This issue was addressed through improved URL navigation.\n\nCVE-ID\n\nCVE-2016-1864 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc.\n\n * **WebKit History**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Processing maliciously crafted web content may lead to an unexpected Safari crash\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of \u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\n * **WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: Visiting a malicious website may lead to user interface spoofing\n\nDescription: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic.\n\nCVE-ID\n\nCVE-2016-1786 : ma.la of LINE Corporation\n\n * **WebKit Page Loading**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A caching issue existed with character encoding. This was addressed through additional request checking.\n\nCVE-ID\n\nCVE-2016-1785 : an anonymous researcher\n\n * **Wi-Fi**\n\nAvailable for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later\n\nImpact: An attacker with a privileged network position may be able to execute arbitrary code\n\nDescription: A frame validation and memory corruption issue existed for a given ethertype. 
This issue was addressed through additional ethertype validation and improved memory handling.\n\nCVE-ID\n\nCVE-2016-0801 : an anonymous researcher\n\nCVE-2016-0802 : an anonymous researcher\n", "edition": 2, "modified": "2017-01-23T03:54:34", "published": "2017-01-23T03:54:34", "id": "APPLE:HT206166", "href": "https://support.apple.com/kb/HT206166", "title": "About the security content of iOS 9.3 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:08", "bulletinFamily": "software", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2015-5334", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2015-5333", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## OS X El Capitan 10.11.4 and Security Update 2016-002\n\n * **apache_mod_php**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.\n\nCVE-ID\n\nCVE-2015-8126 : Adam Mari\u0161\n\nCVE-2015-8472 : Adam Mari\u0161\n\n * **AppleRAID**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\n * **AppleRAID**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\n * **AppleUSBNetworking**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: An error handling issue existed in packet validation. 
This issue was addressed through improved error handling.\n\nCVE-ID\n\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\n * **Bluetooth**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\n\nCVE-2016-1736 : beist and ABH of BoB\n\n * **Carbon**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1737 : HappilyCoded (ant4g0nist & r3dsm0k3)\n\n * **dyld**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context\n\nDescription: A code signing verification issue existed in dyld. This issue was addressed with improved validation.\n\nCVE-ID\n\nCVE-2016-1738 : beist and ABH of BoB\n\n * **FontParser**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **HTTPProtocol**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. 
These were addressed by updating nghttp2 to version 1.6.0.\n\nCVE-ID\n\nCVE-2015-8659\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1743 : Piotr Bania of Cisco Talos\n\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\n * **IOFireWireFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1745 : sweetchip of Grayhash\n\n * **IOGraphics**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1748 : Brandon Azad\n\n * **IOUSBFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to 
execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-ID\n\nCVE-2016-1750 : CESG\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition existed during the creation of new processes. This was addressed through improved state handling.\n\nCVE-ID\n\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vila\u00e7a\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\n * **Kernel**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nCVE-2016-1759 : lokihardt\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1758 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple integer overflows were addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1753 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1752 : CESG\n\n * **libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-1819\n\nCVE-2015-5312 : David Drysdale of Google\n\nCVE-2015-7499\n\nCVE-2015-7500 : Kostya Serebryany of Google\n\nCVE-2015-7942 : Kostya Serebryany of Google\n\nCVE-2015-8035 : gustavo.grieco\n\nCVE-2015-8242 : Hugh Davenport\n\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1762\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Clicking a JavaScript link can reveal sensitive user information\n\nDescription: An issue existed in the processing of JavaScript links. 
This issue was addressed through improved content security policy checks.\n\nCVE-ID\n\nCVE-2016-1764 : Matthew Bryant of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments\n\nDescription: A cryptographic issue was addressed by rejecting duplicate messages on the client.\n\nCVE-ID\n\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University\n\n * **NVIDIA Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\n * **OpenSSH**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Connecting to a server may leak sensitive user information, such as a client's private keys\n\nDescription: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client.\n\nCVE-ID\n\nCVE-2016-0777 : Qualys\n\nCVE-2016-0778 : Qualys\n\n * **OpenSSH**\n\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in LibreSSL\n\nDescription: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. 
These were addressed by updating LibreSSL to version 2.1.8.\n\nCVE-ID\n\nCVE-2015-5333 : Qualys\n\nCVE-2015-5334 : Qualys\n\n * **OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh.\n\nCVE-ID\n\nCVE-2015-3195\n\n * **Python**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.\n\nCVE-ID\n\nCVE-2014-9495\n\nCVE-2015-0973\n\nCVE-2015-8126 : Adam Mari\u0161\n\nCVE-2015-8472 : Adam Mari\u0161\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1767 : Francis Provencher from COSIG\n\nCVE-2016-1768 : Francis Provencher from COSIG\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1769 : Francis Provencher from COSIG\n\n * **Reminders**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Clicking a tel link can make a call without prompting the user\n\nDescription: A user was not prompted before invoking a call. 
This was addressed through improved entitlement checks.\n\nCVE-ID\n\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca\n\n * **Ruby**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648.\n\nCVE-ID\n\nCVE-2015-7551\n\n * **Security**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to check for the existence of arbitrary files\n\nDescription: A permissions issue existed in code signing tools. This was addressed through additional ownership checks.\n\nCVE-ID\n\nCVE-2016-1773 : Mark Mentovai of Google Inc.\n\n * **Security**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\n * **Tcl**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng.\n\nCVE-ID\n\nCVE-2015-8126\n\n * **TrueTypeScaler**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. 
This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Wi-Fi**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker with a privileged network position may be able to execute arbitrary code\n\nDescription: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.\n\nCVE-ID\n\nCVE-2016-0801 : an anonymous researcher\n\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of [Safari 9.1](<https://support.apple.com/kb/HT206171>).\n", "edition": 2, "modified": "2017-01-23T03:54:34", "published": "2017-01-23T03:54:34", "id": "APPLE:HT206167", "href": "https://support.apple.com/kb/HT206167", "title": "About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}