Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2017-BE8574D593.NASL
HistoryApr 20, 2017 - 12:00 a.m.

Fedora 24 : libxml2 (2017-be8574d593)

2017-04-2000:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

Update to latest upstream release, includes several security related fixes.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-be8574d593.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99492);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-5969");
  script_xref(name:"FEDORA", value:"2017-be8574d593");

  script_name(english:"Fedora 24 : libxml2 (2017-be8574d593)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to latest upstream release, includes several security related
fixes.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxml2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libxml2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC24", reference:"libxml2-2.9.4-2.fc24")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
}
VendorProductVersionCPE
fedoraprojectfedoralibxml2p-cpe:/a:fedoraproject:fedora:libxml2
fedoraprojectfedora24cpe:/o:fedoraproject:fedora:24

References

Related

fedora 2
openvas 21
nessus 47
redhat 3
amazon 1
ibm 30
oraclelinux 2
mageia 1
centos 1
altlinux 3
suse 4
freebsd 1
symantec 1
archlinux 2
cloudfoundry 2
debian 7
ubuntu 2
slackware 1
osv 37
veracode 7
f5 2
hackerone 2
rubygems 1
prion 3
debiancve 3
redhatcve 3
cve 2
ubuntucve 2
alpinelinux 2
cloudlinux 1
github 1
gentoo 1
zdt 1
fedora
fedora
[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25
2017-04-19 09:32:17
[SECURITY] Fedora 24 Update: libxml2-2.9.4-2.fc24
2017-04-19 07:53:28
openvas
openvas
Fedora Update for libxml2 FEDORA-2017-be8574d593
2017-04-20 00:00:00
Fedora Update for libxml2 FEDORA-2017-a3a47973eb
2017-04-20 00:00:00
RedHat Update for libxml2 RHSA-2016:1292-01
2016-06-24 00:00:00
nessus
nessus
Fedora 25 : libxml2 (2017-a3a47973eb)
2017-04-20 00:00:00
CentOS 6 / 7 : libxml2 (CESA-2016:1292)
2016-06-24 00:00:00
Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)
2016-06-24 00:00:00
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
(RHSA-2021:3810) Moderate: libxml2 security update
2021-10-12 13:23:35
(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
2016-12-15 22:02:12
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Security Network Protection
2018-06-16 21:44:27
Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM
2018-06-18 01:33:00
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
libxml2 security update
2021-10-13 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-07-27 00:59:16
centos
centos
libxml2 security update
2016-06-23 15:28:21
altlinux
altlinux
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-07 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-09 18:07:56
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-17 15:08:25
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
[ASA-201611-2] libxml2: arbitrary code execution
2016-11-01 00:00:00
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
debian
debian
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
libxml2 vulnerabilities
2017-03-16 00:00:00
slackware
slackware
[slackware-security] libxml2
2016-05-27 23:33:14
osv
osv
libxml2 - security update
2016-10-31 00:00:00
CVE-2016-3709
2022-07-28 17:15:07
CVE-2016-4483
2017-04-11 16:59:00
veracode
veracode
Copy-Paste Vulnerability (CPV) Through Libxml2
2017-03-23 01:10:27
XML External Entity (XXE)
2018-11-27 06:08:51
XML External Entity (XXE) Via Libxml2
2017-02-23 06:14:12
f5
f5
K24322529 : libxml2 vulnerabilities CVE-2016-4447 and CVE-2016-4449
2016-12-07 00:00:00
K49419538 : libxml2 vulnerability CVE 2016-4658
2022-04-05 00:00:00
hackerone
hackerone
Internet Bug Bounty: Multiple issues in Libxml2 (2.9.2 - 2.9.5)
2017-11-27 06:37:31
Internet Bug Bounty: CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)
2017-08-23 18:59:34
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2017-03-10 21:00:00
prion
prion
Xxe
2016-11-16 00:59:00
Memory corruption
2016-09-25 10:59:00
Null pointer dereference
2017-04-11 16:59:00
debiancve
debiancve
CVE-2016-9318
2016-11-16 00:59:00
CVE-2017-5969
2017-04-11 16:59:00
CVE-2016-4658
2016-09-25 10:59:00
redhatcve
redhatcve
CVE-2016-9318
2016-11-16 10:17:17
CVE-2016-4658
2016-10-13 09:47:26
CVE-2017-5969
2017-02-14 10:18:56
cve
cve
CVE-2016-9318
2016-11-16 00:59:00
CVE-2016-4658
2016-09-25 10:59:00
ubuntucve
ubuntucve
CVE-2016-9318
2016-11-15 00:00:00
CVE-2017-5969
2017-04-11 00:00:00
alpinelinux
alpinelinux
CVE-2016-9318
2016-11-16 00:59:00
CVE-2017-5969
2017-04-11 16:59:00
cloudlinux
cloudlinux
libxml2: Fix of CVE-2016-4658
2023-11-07 18:21:51
github
github
Nokogiri does not forbid namespace nodes in XPointer ranges
2018-08-21 19:03:26
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
zdt
zdt
libxml2 - xmlDictAddString Heap Based Buffer Overread
2016-02-24 00:00:00
JSON
Related for FEDORA_2017-BE8574D593.NASL
fedora2openvas21nessus47redhat3amazon1ibm30oraclelinux2mageia1centos1altlinux3suse4freebsd1symantec1archlinux2cloudfoundry2debian7ubuntu2slackware1osv37veracode7f52hackerone2rubygems1prion3debiancve3redhatcve3cve2ubuntucve2alpinelinux2cloudlinux1github1gentoo1zdt1