Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3739-1.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerabilities (USN-3739-1)

2023-10-2000:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3739-1 advisory.

  • libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
    (CVE-2016-9318)

  • parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
    (CVE-2017-16932)

  • The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. (CVE-2017-18258)

  • A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
    Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)

  • libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3739-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183608);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2016-9318",
    "CVE-2017-16932",
    "CVE-2017-18258",
    "CVE-2018-14404",
    "CVE-2018-14567"
  );
  script_xref(name:"USN", value:"3739-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerabilities (USN-3739-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-3739-1 advisory.

  - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag
    directly indicating that the current document may be read but other files may not be opened, which makes
    it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
    (CVE-2016-9318)

  - parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
    (CVE-2017-16932)

  - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of
    service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict
    memory usage to what is required for a legitimate file. (CVE-2017-18258)

  - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2
    through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
    Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable
    to a denial of service attack due to a crash of the application. (CVE-2018-14404)

  - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite
    loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different
    vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3739-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9318");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxml2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-libxml2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'libxml2', 'pkgver': '2.9.1+dfsg1-3ubuntu4.13'},
    {'osver': '14.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.1+dfsg1-3ubuntu4.13'},
    {'osver': '14.04', 'pkgname': 'libxml2-udeb', 'pkgver': '2.9.1+dfsg1-3ubuntu4.13'},
    {'osver': '14.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.1+dfsg1-3ubuntu4.13'},
    {'osver': '14.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.1+dfsg1-3ubuntu4.13'},
    {'osver': '16.04', 'pkgname': 'libxml2', 'pkgver': '2.9.3+dfsg1-1ubuntu0.6'},
    {'osver': '16.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.3+dfsg1-1ubuntu0.6'},
    {'osver': '16.04', 'pkgname': 'libxml2-udeb', 'pkgver': '2.9.3+dfsg1-1ubuntu0.6'},
    {'osver': '16.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.3+dfsg1-1ubuntu0.6'},
    {'osver': '16.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.3+dfsg1-1ubuntu0.6'},
    {'osver': '18.04', 'pkgname': 'libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libxml2-dev', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libxml2-udeb', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'libxml2-utils', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'python-libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'},
    {'osver': '18.04', 'pkgname': 'python3-libxml2', 'pkgver': '2.9.4+dfsg1-6.1ubuntu1.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-dev / libxml2-udeb / libxml2-utils / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxlibxml2p-cpe:/a:canonical:ubuntu_linux:libxml2
canonicalubuntu_linuxlibxml2-devp-cpe:/a:canonical:ubuntu_linux:libxml2-dev
canonicalubuntu_linuxlibxml2-udebp-cpe:/a:canonical:ubuntu_linux:libxml2-udeb
canonicalubuntu_linuxlibxml2-utilsp-cpe:/a:canonical:ubuntu_linux:libxml2-utils
canonicalubuntu_linuxpython-libxml2p-cpe:/a:canonical:ubuntu_linux:python-libxml2
canonicalubuntu_linuxpython3-libxml2p-cpe:/a:canonical:ubuntu_linux:python3-libxml2

Related

cloudfoundry 2
veracode 10
ubuntu 4
openvas 35
nessus 50
debian 4
suse 2
ibm 20
amazon 3
f5 1
osv 7
mageia 2
prion 7
cve 7
debiancve 7
alpinelinux 5
ubuntucve 8
redhatcve 6
centos 1
redhat 2
oraclelinux 2
fedora 3
rubygems 2
altlinux 2
github 3
broadcom 1
archlinux 2
photon 1
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3504-1: libxml2 vulnerability | Cloud Foundry
2017-12-14 00:00:00
veracode
veracode
Copy-Paste Vulnerability (CPV) Through Libxml2
2018-10-16 03:04:15
Copy-Paste Vulnerability Through LibXML2
2018-04-24 02:43:19
XML External Entity (XXE)
2018-11-27 06:08:51
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerability
2017-12-05 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3739-1)
2018-10-26 00:00:00
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2018:3107-1)
2018-10-13 00:00:00
Debian: Security Advisory (DLA-1524-1)
2018-09-27 00:00:00
nessus
nessus
Debian DLA-1524-1 : libxml2 security update
2018-09-28 00:00:00
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:3081-1)
2018-10-10 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2018-1149)
2018-10-15 00:00:00
debian
debian
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
[SECURITY] [DLA 2369-1] libxml2 security update
2020-09-09 22:41:50
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
suse
suse
Security update for libxml2 (moderate)
2018-10-12 12:10:07
Security update for libxml2 (moderate)
2018-10-12 12:12:16
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local
2019-12-18 18:01:21
Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities
2020-07-27 09:24:37
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in libxml2 (CVE-2018-14404 CVE-2016-9318)
2020-01-09 19:18:07
amazon
amazon
Important: libxml2
2020-08-10 22:59:00
Important: libxml2
2020-07-21 16:34:00
Medium: libxml2
2018-09-05 19:31:00
f5
f5
K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567
2022-02-15 00:00:00
osv
osv
libxml2 - security update
2018-09-27 00:00:00
libxml2 - security update
2020-09-09 00:00:00
libxml2 - security update
2022-04-08 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
Updated libxml2 packages fix security vulnerability
2015-11-06 01:46:03
prion
prion
Design/Logic Flaw
2018-08-16 20:29:00
Design/Logic Flaw
2018-04-04 02:29:00
Xxe
2016-11-16 00:59:00
cve
cve
CVE-2018-14567
2018-08-16 20:29:00
CVE-2018-9251
2018-04-04 02:29:00
CVE-2017-18258
2018-04-08 17:29:00
debiancve
debiancve
CVE-2018-14567
2018-08-16 20:29:00
CVE-2018-9251
2018-04-04 02:29:00
CVE-2017-18258
2018-04-08 17:29:00
alpinelinux
alpinelinux
CVE-2018-14567
2018-08-16 20:29:00
CVE-2018-9251
2018-04-04 02:29:00
CVE-2016-9318
2016-11-16 00:59:00
ubuntucve
ubuntucve
CVE-2018-14567
2018-07-31 00:00:00
CVE-2017-18258
2018-04-08 00:00:00
CVE-2018-9251
2018-04-04 00:00:00
redhatcve
redhatcve
CVE-2018-14567
2018-08-22 02:19:05
CVE-2018-9251
2018-04-09 20:20:56
CVE-2017-18258
2018-04-12 23:19:08
centos
centos
libxml2 security update
2020-04-08 18:42:56
redhat
redhat
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
(RHSA-2020:1827) Moderate: libxml2 security update
2020-04-28 09:20:58
oraclelinux
oraclelinux
libxml2 security update
2020-04-06 00:00:00
libxml2 security update
2020-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27
2018-08-09 16:53:03
[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28
2018-08-07 01:20:06
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
2016-02-17 04:26:04
rubygems
rubygems
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
2018-10-03 21:00:00
Moderate severity vulnerability that affects nokogiri
2018-04-12 21:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
github
github
Uncontrolled resource consumption in nokogiri
2018-04-13 16:17:46
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-13 01:02:39
Nokogiri NULL Pointer Dereference
2019-01-17 14:05:03
broadcom
broadcom
NULL pointer dereference in libxml2 through 2.9.8
2023-08-01 00:00:00
archlinux
archlinux
[ASA-201810-3] libxml2: denial of service
2018-10-01 00:00:00
[ASA-201810-4] lib32-libxml2: denial of service
2018-10-01 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0193
2018-11-06 00:00:00
JSON
Related for UBUNTU_USN-3739-1.NASL
cloudfoundry2veracode10ubuntu4openvas35nessus50debian4suse2ibm20amazon3f51osv7mageia2prion7cve7debiancve7alpinelinux5ubuntucve8redhatcve6centos1redhat2oraclelinux2fedora3rubygems2altlinux2github3broadcom1archlinux2photon1