Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2020-1190.NASLHistoryApr 01, 2020 - 12:00 a.m.
RHEL 7 : libxml2 (RHSA-2020:1190)
2020-04-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.106
Percentile
95.0%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory.
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:1190. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(135071);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id(
"CVE-2015-8035",
"CVE-2016-5131",
"CVE-2017-15412",
"CVE-2017-18258",
"CVE-2018-14404",
"CVE-2018-14567"
);
script_bugtraq_id(
77390,
92053,
102098,
105198
);
script_xref(name:"RHSA", value:"2020:1190");
script_xref(name:"IAVB", value:"2016-B-0083-S");
script_xref(name:"IAVB", value:"2016-B-0113-S");
script_xref(name:"IAVB", value:"2017-B-0169-S");
script_name(english:"RHEL 7 : libxml2 (RHSA-2020:1190)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for libxml2.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2020:1190 advisory.
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes
linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1190.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f885423");
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?afba0e17");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1277146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1358641");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1566749");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1619875");
script_set_attribute(attribute:"solution", value:
"Update the RHEL libxml2 package based on the guidance in RHSA-2020:1190.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15412");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(252, 400, 476);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/02");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-static");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/debug',
'content/dist/rhel/client/7/7.9/x86_64/optional/os',
'content/dist/rhel/client/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7.9/x86_64/os',
'content/dist/rhel/client/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/debug',
'content/dist/rhel/client/7/7Client/x86_64/optional/os',
'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',
'content/dist/rhel/client/7/7Client/x86_64/os',
'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/os',
'content/dist/rhel/computenode/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',
'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7.9/ppc64le/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/debug',
'content/dist/rhel/power/7/7.9/ppc64/optional/os',
'content/dist/rhel/power/7/7.9/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7.9/ppc64/os',
'content/dist/rhel/power/7/7.9/ppc64/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/debug',
'content/dist/rhel/power/7/7Server/ppc64/optional/os',
'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/os',
'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/os',
'content/dist/rhel/server/7/7.9/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/optional/debug',
'content/dist/rhel/server/7/7.9/x86_64/optional/os',
'content/dist/rhel/server/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7.9/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',
'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/optional/debug',
'content/dist/rhel/server/7/7Server/x86_64/optional/os',
'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',
'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7.9/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/optional/debug',
'content/dist/rhel/system-z/7/7.9/s390x/optional/os',
'content/dist/rhel/system-z/7/7.9/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7.9/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7.9/s390x/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',
'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',
'content/dist/rhel/system-z/7/7Server/s390x/optional/os',
'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',
'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/os',
'content/dist/rhel/workstation/7/7.9/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7.9/x86_64/os',
'content/dist/rhel/workstation/7/7.9/x86_64/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/debug',
'content/fastrack/rhel/client/7/x86_64/optional/debug',
'content/fastrack/rhel/client/7/x86_64/optional/os',
'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/client/7/x86_64/os',
'content/fastrack/rhel/client/7/x86_64/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/debug',
'content/fastrack/rhel/computenode/7/x86_64/optional/os',
'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/computenode/7/x86_64/os',
'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/debug',
'content/fastrack/rhel/power/7/ppc64/optional/debug',
'content/fastrack/rhel/power/7/ppc64/optional/os',
'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',
'content/fastrack/rhel/power/7/ppc64/os',
'content/fastrack/rhel/power/7/ppc64/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/debug',
'content/fastrack/rhel/server/7/x86_64/highavailability/os',
'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/optional/debug',
'content/fastrack/rhel/server/7/x86_64/optional/os',
'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',
'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/7/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/debug',
'content/fastrack/rhel/system-z/7/s390x/optional/os',
'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',
'content/fastrack/rhel/system-z/7/s390x/os',
'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/debug',
'content/fastrack/rhel/workstation/7/x86_64/optional/os',
'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/workstation/7/x86_64/os',
'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'ppc', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / libxml2-static');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | libxml2-static | p-cpe:/a:redhat:enterprise_linux:libxml2-static |
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | libxml2-devel | p-cpe:/a:redhat:enterprise_linux:libxml2-devel |
| redhat | enterprise_linux | libxml2 | p-cpe:/a:redhat:enterprise_linux:libxml2 |
| redhat | enterprise_linux | libxml2-python | p-cpe:/a:redhat:enterprise_linux:libxml2-python |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
www.nessus.org/u?4f885423
www.nessus.org/u?afba0e17
access.redhat.com/errata/RHSA-2020:1190
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1277146
bugzilla.redhat.com/show_bug.cgi?id=1358641
bugzilla.redhat.com/show_bug.cgi?id=1523128
bugzilla.redhat.com/show_bug.cgi?id=1566749
bugzilla.redhat.com/show_bug.cgi?id=1595985
bugzilla.redhat.com/show_bug.cgi?id=1619875
Related
nessus
nessus
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)
2020-04-21 00:00:00
CentOS 7 : libxml2 (CESA-2020:1190)
2020-04-10 00:00:00
centos
centos
libxml2 security update
2020-04-08 18:42:56
redhat
redhat
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
(RHSA-2018:0287) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
2018-02-08 12:38:27
(RHSA-2020:1827) Moderate: libxml2 security update
2020-04-28 09:20:58
amazon
amazon
Important: libxml2
2020-08-10 22:59:00
Important: libxml2
2020-07-21 16:34:00
Medium: libxml2
2018-09-05 19:31:00
oraclelinux
oraclelinux
libxml2 security update
2020-04-06 00:00:00
libxml2 security update
2020-05-05 00:00:00
f5
f5
ibm
ibm
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1316)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1559)
2020-01-23 00:00:00
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2018:3107-1)
2018-10-13 00:00:00
osv
osv
libxml2 - security update
2018-09-27 00:00:00
libxml2 - security update
2020-09-09 00:00:00
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
debian
debian
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
[SECURITY] [DLA 2369-1] libxml2 security update
2020-09-09 22:41:50
[SECURITY] [DSA 4086-1] libxml2 security update
2018-01-13 16:46:50
suse
suse
Security update for libxml2 (moderate)
2018-10-12 12:10:07
Security update for libxml2 (moderate)
2018-10-12 12:12:16
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3513-1: libxml2 vulnerability | Cloud Foundry
2018-01-24 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerability
2017-12-13 00:00:00
libxml2 vulnerability
2017-12-13 00:00:00
veracode
veracode
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
Copy-Paste Vulnerability Through LibXML2
2018-04-24 02:43:19
Denial Of Service (DoS)
2018-08-29 06:34:49
rubygems
rubygems
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
2018-10-03 21:00:00
Moderate severity vulnerability that affects nokogiri
2018-04-12 21:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
Updated libxml2 packages fix security vulnerability
2015-11-06 01:46:03
nvd
nvd
prion
prion
Design/Logic Flaw
2018-08-16 20:29:00
Design/Logic Flaw
2018-04-08 17:29:00
Design/Logic Flaw
2015-11-18 16:59:00
cve
cve
debiancve
debiancve
alpinelinux
alpinelinux
redhatcve
redhatcve
ubuntucve
ubuntucve
cvelist
cvelist
github
github
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-14 02:19:17
Nokogiri NULL Pointer Dereference
2019-01-17 14:05:03
broadcom
broadcom
NULL pointer dereference in libxml2 through 2.9.8
2023-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27
2018-08-09 16:53:03
[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28
2018-08-07 01:20:06
photon
photon
archlinux
archlinux
[ASA-201611-2] libxml2: arbitrary code execution
2016-11-01 00:00:00
altlinux
altlinux
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.106
Percentile
95.0%
Related for REDHAT-RHSA-2020-1190.NASL