Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-662.NASL
HistoryJun 01, 2016 - 12:00 a.m.

openSUSE Security Update : libxml2 (openSUSE-2016-662)

2016-06-0100:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

libxml2 was updated to fix security issues and a regression from the last version update.

Security issues fixed :

  • CVE-2016-3627: Fixed stack exhaustion while parsing certain XML files in recovery mode (bnc#972335).

  • CVE-2016-3705: Improved protection against the Billion Laughs Attack (bnc#975947).

Regression fixed :

  • Fixed XML push parser that fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer [bnc#962796]
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-662.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91409);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-3627", "CVE-2016-3705");

  script_name(english:"openSUSE Security Update : libxml2 (openSUSE-2016-662)");
  script_summary(english:"Check for the openSUSE-2016-662 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"libxml2 was updated to fix security issues and a regression from the
last version update.

Security issues fixed :

  - CVE-2016-3627: Fixed stack exhaustion while parsing
    certain XML files in recovery mode (bnc#972335).

  - CVE-2016-3705: Improved protection against the Billion
    Laughs Attack (bnc#975947).

Regression fixed :

  - Fixed XML push parser that fails with bogus UTF-8
    encoding error when multi-byte character in large CDATA
    section is split across buffer [bnc#962796]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962796"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=975947"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libxml2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libxml2-2-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libxml2-2-debuginfo-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libxml2-debugsource-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libxml2-devel-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libxml2-tools-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libxml2-tools-debuginfo-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-debuginfo-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-debugsource-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.3-7.11.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.3-7.11.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibxml2-2p-cpe:/a:novell:opensuse:libxml2-2
novellopensuselibxml2-2-32bitp-cpe:/a:novell:opensuse:libxml2-2-32bit
novellopensuselibxml2-2-debuginfop-cpe:/a:novell:opensuse:libxml2-2-debuginfo
novellopensuselibxml2-2-debuginfo-32bitp-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit
novellopensuselibxml2-debugsourcep-cpe:/a:novell:opensuse:libxml2-debugsource
novellopensuselibxml2-develp-cpe:/a:novell:opensuse:libxml2-devel
novellopensuselibxml2-devel-32bitp-cpe:/a:novell:opensuse:libxml2-devel-32bit
novellopensuselibxml2-toolsp-cpe:/a:novell:opensuse:libxml2-tools
novellopensuselibxml2-tools-debuginfop-cpe:/a:novell:opensuse:libxml2-tools-debuginfo
novellopensusepython-libxml2p-cpe:/a:novell:opensuse:python-libxml2
Rows per page:
1-10 of 131

Related

mageia 1
f5 2
ibm 27
nessus 27
openvas 25
redhatcve 3
veracode 4
prion 5
cve 5
ubuntucve 5
debiancve 5
packetstorm 1
archlinux 1
suse 6
freebsd 1
oraclelinux 1
debian 3
altlinux 3
centos 1
redhat 2
amazon 1
ubuntu 1
symantec 1
cloudfoundry 1
gentoo 1
osv 35
tenable 1
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-05-20 14:38:30
f5
f5
SOL54225343 - libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
K54225343 : libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module (CVE-2016-3627 CVE-2016-3705)
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways
2018-06-15 07:06:13
Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705)
2018-06-16 13:43:11
nessus
nessus
F5 Networks BIG-IP : libxml2 vulnerabilities (K54225343)
2016-12-21 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2016-583)
2016-05-16 00:00:00
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1205-1)
2016-05-04 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0187)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1205-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1204-1)
2021-04-19 00:00:00
redhatcve
redhatcve
CVE-2016-3705
2016-05-04 07:49:11
CVE-2016-9597
2016-12-22 20:47:32
CVE-2016-4483
2016-05-04 07:49:18
veracode
veracode
Denial Of Service (DoS)
2018-05-23 08:03:32
Denial Of Service (DoS)
2019-05-02 05:34:53
Denial Of Service (DoS) Through Embedded C Library
2017-05-18 06:54:39
prion
prion
Design/Logic Flaw
2016-05-17 14:08:00
Code injection
2016-05-17 14:08:00
Stack overflow
2018-07-30 14:29:00
cve
cve
CVE-2016-3705
2016-05-17 14:08:00
CVE-2016-3627
2016-05-17 14:08:00
CVE-2016-9597
2018-07-30 14:29:00
ubuntucve
ubuntucve
CVE-2016-3705
2016-05-17 00:00:00
CVE-2016-3627
2016-05-17 00:00:00
CVE-2016-9597
2018-07-30 00:00:00
debiancve
debiancve
CVE-2016-3705
2016-05-17 14:08:00
CVE-2016-3627
2016-05-17 14:08:00
CVE-2016-9597
2018-07-30 14:29:00
packetstorm
packetstorm
libxml 2.9.2 Stack Overflow
2016-05-03 00:00:00
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:08:21
Security update for libxml2 (important)
2016-06-16 13:10:48
Security update for libxml2 (important)
2016-06-17 15:08:25
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
debian
debian
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-07 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
centos
centos
libxml2 security update
2016-06-23 15:28:21
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
2016-12-15 22:02:12
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
osv
osv
CVE-2016-3709
2022-07-28 17:15:07
CVE-2016-4483
2017-04-11 16:59:00
CVE-2018-14404
2018-07-19 13:29:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
JSON
Related for OPENSUSE-2016-662.NASL
mageia1f52ibm27nessus27openvas25redhatcve3veracode4prion5cve5ubuntucve5debiancve5packetstorm1archlinux1suse6freebsd1oraclelinux1debian3altlinux3centos1redhat2amazon1ubuntu1symantec1cloudfoundry1gentoo1osv35tenable1