ID OPENVAS:136141256231069031 Type openvas Reporter Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com Modified 2019-03-14T00:00:00
Description
The remote host is missing updates announced in
advisory GLSA 201009-07.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: glsa_201009_07.nasl 14171 2019-03-14 10:22:03Z cfischer $
#
# Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration block: when the scanner loads this plugin with `description`
# set, only the metadata below is recorded and exit(0) stops the script
# before the package check further down runs.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.69031");
script_version("$Revision: 14171 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $");
script_tag(name:"creation_date", value:"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)");
# CVSS v2 base score and vector: network vector, medium access complexity,
# no authentication, partial availability impact only (C:N/I:N/A:P).
# NOTE(review): Debian's DSA-1859-1 for the same two CVEs mentions possible
# arbitrary code execution in the application using the library, so treat
# this availability-only rating as a baseline when prioritising the update.
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_cve_id("CVE-2009-2414", "CVE-2009-2416");
script_name("Gentoo Security Advisory GLSA 201009-07 (libxml2)");
# Information-gathering category: the body of this script only compares
# package data and reports; it sends nothing crafted to the target.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com");
script_family("Gentoo Local Security Checks");
# Run after the package-list collector, and only when both knowledge-base
# keys are present (presumably set by gather-package-list.nasl after a
# successful SSH login to a Gentoo host - verify against that plugin).
# Operational caveat: if the authenticated login fails, this check is skipped,
# so the absence of a finding is not evidence that the host is patched.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
script_tag(name:"insight", value:"Multiple Denial of Services vulnerabilities were found in libxml2.");
# The lines starting with '#' inside the following string are shell prompts
# quoted from the advisory; they are part of the string value, not comments.
script_tag(name:"solution", value:"All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.7.3-r2'
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since August 30, 2009. It is likely that your system is
already no longer affected by this issue.");
script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-07");
script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=280617");
script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 201009-07.");
# Detection quality is that of a package-version comparison: the installed
# version string is evaluated, the library's behaviour is not exercised.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");
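# Detection logic: compare the installed dev-libs/libxml2 version with the
# fixed release named in GLSA 201009-07 and report the host when it is older.
# ispkgvuln() and __pkg_match are not defined in this file; presumably they
# come from pkg-lib-gentoo.inc - verify against the include.
# Scope caveat: only the dev-libs/libxml2 package entry is compared, so copies
# of libxml2 bundled into or statically linked by other software are not
# covered by this check.
report = "";

# "lt 2.7.3-r2" lists the vulnerable range, "ge 2.7.3-r2" the fixed range.
res = ispkgvuln(pkg:"dev-libs/libxml2", unaffected: make_list("ge 2.7.3-r2"), vulnerable: make_list("lt 2.7.3-r2"));
if (res != NULL) {
  report += res;
}

if (report != "") {
  # A vulnerable version was found: raise the finding with the library's text.
  security_message(data:report);
} else if (__pkg_match) {
  # The package was matched but is not in the vulnerable range; exit code 99
  # is the feed's convention for "checked, not affected" (confirm against the
  # scanner documentation).
  exit(99);
}
# Falling through here means nothing was reported and no package matched,
# so the script ends without stating a result for this host.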
{"id": "OPENVAS:136141256231069031", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 201009-07 (libxml2)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201009-07.", "published": "2011-03-09T00:00:00", "modified": "2019-03-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069031", "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "references": ["http://bugs.gentoo.org/show_bug.cgi?id=280617", "http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-07"], "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "lastseen": "2019-05-29T18:39:59", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["SOL15864"]}, {"type": "cve", "idList": ["CVE-2009-2416", "CVE-2009-2414"]}, {"type": "seebug", "idList": ["SSV:12038"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10136", "SECURITYVULNS:DOC:22293"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1861-1:E92AF", "DEBIAN:DSA-1859-1:A7A8F"]}, {"type": "fedora", "idList": ["FEDORA:12C9F10F85B", "FEDORA:042C510F8C4", "FEDORA:9E4C010F868", "FEDORA:1D4E010F8E7", "FEDORA:4664810F876"]}, {"type": "nessus", "idList": ["SUSE_LIBXML-6477.NASL", "ORACLELINUX_ELSA-2009-1206.NASL", "DEBIAN_DSA-1859.NASL", "SUSE_11_0_LIBXML-090908.NASL", "SL_20090810_LIBXML_AND_LIBXML2_ON_SL3_X.NASL", "SUSE_11_1_LIBXML-090908.NASL", "DEBIAN_DSA-1861.NASL", "SUSE_11_1_LIBXML2-090807.NASL", "GENTOO_GLSA-201009-07.NASL", "SUSE_11_0_LIBXML2-090807.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064608", "OPENVAS:136141256231064596", "OPENVAS:1361412562310880794", "OPENVAS:64640", "OPENVAS:880794", "OPENVAS:64662", "OPENVAS:880755", "OPENVAS:64638", "OPENVAS:64700", "OPENVAS:136141256231064640"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1206"]}, {"type": "centos", "idList": ["CESA-2009:1206"]}, {"type": 
"gentoo", "idList": ["GLSA-201009-07"]}, {"type": "redhat", "idList": ["RHSA-2009:1206"]}, {"type": "ubuntu", "idList": ["USN-815-1"]}, {"type": "freebsd", "idList": ["5A7D4110-0B7A-11E1-846B-00235409FD3E", "CE4B3AF8-0B7C-11E1-846B-00235409FD3E"]}], "modified": "2019-05-29T18:39:59", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:39:59", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "136141256231069031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201009_07.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69031\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_name(\"Gentoo Security Advisory GLSA 201009-07 (libxml2)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple Denial of Services vulnerabilities were found in libxml2.\");\n script_tag(name:\"solution\", value:\"All libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.7.3-r2'\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since August 30, 2009. 
It is likely that your system is\n already no longer affected by this issue.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-07\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=280617\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201009-07.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/libxml2\", unaffected: make_list(\"ge 2.7.3-r2\"), vulnerable: make_list(\"lt 2.7.3-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "naslFamily": "Gentoo Local Security Checks"}
{"f5": [{"lastseen": "2016-09-02T18:44:09", "bulletinFamily": "software", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-09-14T00:00:00", "published": "2014-11-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15864.html", "id": "SOL15864", "title": "SOL15864 - libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-10-03T11:54:15", "description": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.", "edition": 3, "cvss3": {}, "published": "2009-08-11T18:30:00", "title": "CVE-2009-2416", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2416"], "modified": "2018-10-10T19:40:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.6.27", "cpe:/a:xmlsoft:libxml2:2.5.10", "cpe:/a:xmlsoft:libxml2:2.6.32", "cpe:/a:xmlsoft:libxml2:2.6.26", "cpe:/a:xmlsoft:libxml:1.8.17", "cpe:/a:xmlsoft:libxml2:2.6.16"], "id": "CVE-2009-2416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2416", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:15", "description": "Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.", "edition": 3, "cvss3": {}, "published": "2009-08-11T18:30:00", "title": "CVE-2009-2414", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2414"], "modified": "2018-10-10T19:40:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.6.27", 
"cpe:/a:xmlsoft:libxml2:2.5.10", "cpe:/a:xmlsoft:libxml2:2.6.32", "cpe:/a:xmlsoft:libxml2:2.6.26", "cpe:/a:xmlsoft:libxml:1.8.17", "cpe:/a:xmlsoft:libxml2:2.6.16"], "id": "CVE-2009-2414", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2414", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T18:40:27", "description": "BUGTRAQ ID: 36010\r\nCVE(CAN) ID: CVE-2009-2414,CVE-2009-2416\r\n\r\nlibxml2\u8f6f\u4ef6\u5305\u63d0\u4f9b\u5141\u8bb8\u7528\u6237\u64cd\u63a7XML\u6587\u4ef6\u7684\u51fd\u6570\u5e93\uff0c\u5305\u542b\u6709\u8bfb\u3001\u4fee\u6539\u548c\u5199XML\u548cHTML\u6587\u4ef6\u652f\u6301\u3002\r\n\r\nlibxml\u5e93\u5904\u7406DTD\u4e2d\u6839XML\u6587\u6863\u5143\u7d20\u5b9a\u4e49\u7684\u65b9\u5f0f\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u89e3\u6790Notation\u548cEnumeration\u5c5e\u6027\u7c7b\u578b\u7684\u65b9\u5f0f\u5b58\u5728\u591a\u4e2a\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u63d0\u4f9b\u7279\u5236\u7684XML\u6587\u4ef6\uff0c\u5982\u679c\u672c\u5730\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u8be5\u6587\u4ef6\uff0c\u5c31\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\n\nXMLSoft Libxml2 <= 2.6.26\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1206-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1206-01\uff1aModerate: libxml and libxml2 security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1206.html", "published": 
"2009-08-12T00:00:00", "title": "libxml2\u6808\u6ea2\u51fa\u548c\u91ca\u653e\u540e\u4f7f\u7528\u62d2\u7edd\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-08-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12038", "id": "SSV:12038", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1859-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nAugust 10th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : libxml2\r\nVulnerability : several\r\nProblem type : local (remote)\r\nDebian-specific: no\r\nCVE IDs : CVE-2009-2416 CVE-2009-2414\r\n\r\nRauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\r\nvulnerabilities in libxml2, a library for parsing and handling XML data\r\nfiles, which can lead to denial of service conditions or possibly arbitrary\r\ncode execution in the application using the library. 
The Common\r\nVulnerabilities and Exposures project identifies the following problems:\r\n\r\nAn XML document with specially-crafted Notation or Enumeration attribute\r\ntypes in a DTD definition leads to the use of a pointers to memory areas\r\nwhich have already been freed (CVE-2009-2416).\r\n\r\nMissing checks for the depth of ELEMENT DTD definitions when parsing\r\nchild content can lead to extensive stack-growth due to a function\r\nrecursion which can be triggered via a crafted XML document (CVE-2009-2414).\r\n\r\n\r\nFor the oldstable distribution (etch), this problem has been fixed in\r\nversion 2.6.27.dfsg-6+etch1.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.6.32.dfsg-5+lenny1.\r\n\r\nFor the testing (squeeze) and unstable (sid) distribution, this problem\r\nwill be fixed soon.\r\n\r\n\r\nWe recommend that you upgrade your libxml2 packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (oldstable)\r\n- ------------------\r\n\r\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390\r\nand sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz\r\n Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.dsc\r\n Size/MD5 checksum: 913 09efeb00dc3ad837c65ed86a2270261b\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.diff.gz\r\n Size/MD5 checksum: 147012 e5df821d4cc929b2ef8c7100059715d5\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6+etch1_all.deb\r\n Size/MD5 checksum: 1322916 726ca29b7ee850c407ac321f2ea112c7\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_alpha.deb\r\n Size/MD5 checksum: 917136 f4cfcb4f316490b18974cecd8868aced\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_alpha.deb\r\n Size/MD5 checksum: 184768 e475a83dc482cf3763af2f06cd00e7e1\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_alpha.deb\r\n Size/MD5 checksum: 882132 5573e7841564516216b7ac6bb2d8cf63\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_alpha.deb\r\n Size/MD5 checksum: 37990 5ab687646663b3719626727176029ba8\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_alpha.deb\r\n Size/MD5 checksum: 821362 fd53ce835d76a42bd2adcffad97fe4a6\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_amd64.deb\r\n Size/MD5 checksum: 36920 dceee52173b5c868003e83884eed8b7e\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_amd64.deb\r\n Size/MD5 checksum: 891488 9871349948186c2c2abb61a74628877e\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_amd64.deb\r\n Size/MD5 checksum: 797442 07005f45dcc655a7aac198b8ef177565\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_amd64.deb\r\n Size/MD5 checksum: 746350 5af6719d16da6860f581346997577139\r\n 
\r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_amd64.deb\r\n Size/MD5 checksum: 184048 77365844e9195b07ac51b98d9ffde0b8\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_arm.deb\r\n Size/MD5 checksum: 34680 86beed99d8058d792400e5d5bed13574\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_arm.deb\r\n Size/MD5 checksum: 817634 41a02c48c5e88107975a39b0f02e053d\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_arm.deb\r\n Size/MD5 checksum: 673336 95d92fe53aa97cf9f335c791977f57f7\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_arm.deb\r\n Size/MD5 checksum: 165294 d3ca946df34d74b52398f13984f3ddfb\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_arm.deb\r\n Size/MD5 checksum: 742362 fa86898a7ef0fb0cbd6d82fcafc3d886\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_hppa.deb\r\n Size/MD5 checksum: 37436 735cfc6512d435e2b08adf4b3699a0be\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_hppa.deb\r\n Size/MD5 checksum: 864542 cf7d6d7b8851af4bb42731d36421d0dd\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_hppa.deb\r\n Size/MD5 checksum: 850264 1b911c0030934b91a71774e1fa998739\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_hppa.deb\r\n Size/MD5 checksum: 858456 a0779deeb7af435d275cc64f830b3b3e\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_hppa.deb\r\n Size/MD5 checksum: 192316 99987ff2ff350f931b5ab681bd3baf0c\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_i386.deb\r\n Size/MD5 checksum: 756686 72c9b7142946ee133dc11e68589d6030\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_i386.deb\r\n Size/MD5 checksum: 34738 f444021901f01813c9cfbc34b2b251bf\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_i386.deb\r\n Size/MD5 checksum: 682498 5e2b370fb8043b2ea70c3baad068454d\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_i386.deb\r\n Size/MD5 checksum: 857416 756808f106e97fe4a2572164f0af6fff\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_i386.deb\r\n Size/MD5 checksum: 169728 2e5e83f725d10c94e3d971f75d657416\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_ia64.deb\r\n Size/MD5 checksum: 196538 a0e332f9af106987ba5d9188faaa6043\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_ia64.deb\r\n Size/MD5 checksum: 1106826 5b9c4fcc856734ae53a5e5bc23df87d6\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_ia64.deb\r\n Size/MD5 checksum: 874266 5ac25182055c936cb0c41727470503b7\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_ia64.deb\r\n Size/MD5 checksum: 48502 548ec8a13d753639ed35c18a2bfb1351\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_ia64.deb\r\n Size/MD5 checksum: 1080804 20f8d6955ca957b04274e54a8eceb247\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mips.deb\r\n Size/MD5 checksum: 841350 2859f5df144f2f00a01471db5c8a565d\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mips.deb\r\n Size/MD5 checksum: 171640 195e04a6148265482fe114684c3fb288\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mips.deb\r\n Size/MD5 checksum: 34428 226b53d817ff2c40e229a07e3a4e64a0\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mips.deb\r\n Size/MD5 checksum: 771046 4deccca8499335b45239d11e4a96e4de\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mips.deb\r\n Size/MD5 checksum: 926988 4f35522366c2f765f7c513ee4d912d63\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mipsel.deb\r\n Size/MD5 checksum: 34404 5ef9faea763c8f56a9ea0c413ca3ec28\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mipsel.deb\r\n Size/MD5 checksum: 168694 90fb2deb233b8bfea3fc8a220ec1a092\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mipsel.deb\r\n Size/MD5 checksum: 833350 0f010d569fc5ea79522faf440c428838\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mipsel.deb\r\n Size/MD5 checksum: 898632 dad49d9f3170bd9cd3cf7711ae03fd99\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mipsel.deb\r\n Size/MD5 checksum: 769482 b79657714956fa0c913e21ab4da964f7\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_powerpc.deb\r\n Size/MD5 checksum: 780328 ea5cee0b67522d2356f6c6754dd16982\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_powerpc.deb\r\n Size/MD5 checksum: 172738 e3a4bafab2ce8c709611c1d8c4ade6b1\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_powerpc.deb\r\n Size/MD5 checksum: 771204 214bccabba3319d13bc0e0326ee20d5d\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_powerpc.deb\r\n Size/MD5 checksum: 898180 d71ee456739a07f4c2a165cf5c23c39d\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_powerpc.deb\r\n Size/MD5 checksum: 37672 796e04e32fde7bbe155842d2c10c2b8d\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_s390.deb\r\n Size/MD5 checksum: 750344 aabb8eb831d7eef11b52b1e54f6740a0\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_s390.deb\r\n Size/MD5 checksum: 885566 c20f903a49fb4a879ba17248145012ee\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_s390.deb\r\n Size/MD5 checksum: 36374 7814b80c96c04a9c9df1d47f853874eb\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_s390.deb\r\n Size/MD5 checksum: 185726 8360cbc7380594a8b92c45ef65656071\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_s390.deb\r\n Size/MD5 checksum: 806552 cccadb108b979c08780e436a164f76cd\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_sparc.deb\r\n Size/MD5 checksum: 761918 554b6c93e5277f5bd985c8d55f4599ff\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_sparc.deb\r\n Size/MD5 checksum: 712642 ff0e3fa668d7e77d28fd9a3a02155993\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_sparc.deb\r\n Size/MD5 checksum: 781992 14c09d25e1df5a79c7b068daf3c4281d\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_sparc.deb\r\n Size/MD5 checksum: 34668 e678b72f4a60616259bf51e3e5292969\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_sparc.deb\r\n Size/MD5 checksum: 176694 01affac870551a1bb69646cf2e706d7b\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.diff.gz\r\n Size/MD5 checksum: 84662 a769c08774d7fe51e12c01f46db03e1f\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz\r\n Size/MD5 checksum: 3425843 bb11c95674e775b791dab2d15e630fa4\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.dsc\r\n Size/MD5 checksum: 1352 ede126e827fe756a6d2dc2612b5c066b\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny1_all.deb\r\n Size/MD5 checksum: 1335218 bc7c1d7159d8f38dcec80b33f10b018b\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 920578 032c89af4f6f01016914355212e13f55\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 920528 43c8e3456db24d3b829ce37dd08559cc\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 856598 19d34579024997bfdf51660560320f23\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 38034 
2a58c66e3812236863accc85de3a6bdc\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_alpha.deb\r\n Size/MD5 checksum: 292786 0eb8422bc6fb6b252c114e40edac7242\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 987308 937c2041b3a01b730c3b4e20a3b88fa6\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 860528 882be5e34ecaf4bbf6ba6697485b2f9f\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 775280 a573ee15451c4063323ea09c46538fb0\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 37644 d780afdf19c341c6c3cc7095745b816a\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_amd64.deb\r\n Size/MD5 checksum: 295274 44514b7d080c3ebf42136e6e9cb08f79\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_arm.deb\r\n Size/MD5 checksum: 35172 afafb8a17cacd2eebe0c1f34ce4a19ed\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_arm.deb\r\n Size/MD5 checksum: 685494 27eb0011b60841a0e3e28e3988cec39b\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_arm.deb\r\n Size/MD5 checksum: 782486 21b876c4cd6b08fa57bc6841636c52a7\r\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_arm.deb\r\n Size/MD5 checksum: 246212 01e21f08d1ad33a21881f5a9d39f2cf1\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_arm.deb\r\n Size/MD5 checksum: 898974 71676ee73bee1530a4db8f5ce500312f\r\n\r\narmel architecture 
(ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_armel.deb\r\n Size/MD5 checksum: 907962 26de957cc9b4f46c620dae22ef41dd5d\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_armel.deb\r\n Size/MD5 checksum: 791576 23d808d4133ece9adc9635154a120099\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_armel.deb\r\n Size/MD5 checksum: 246716 87699a3f216f521f4f4f43846c0666d6\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_armel.deb\r\n Size/MD5 checksum: 692700 53ad0e171b17de90a5449841ef137c35\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_armel.deb\r\n Size/MD5 checksum: 34508 141c99e1b2257894fba7a4d9a5d1d1b1\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 37620 9efff6376c156805b4d62cd7fb3e332a\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 867368 23a3da9637ad6098b72f6db9ce75df29\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 888948 7a19da4f1a82df3d8b73e4cb91b03418\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 299222 51ff0803a6d43a2b74c93f094bac49e5\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_hppa.deb\r\n Size/MD5 checksum: 931184 1fdc38b3b7964164b3570e9624e55ab4\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_i386.deb\r\n Size/MD5 checksum: 698650 5ad8f30a41069977e7ccca7fefadb570\r\n 
\r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_i386.deb\r\n Size/MD5 checksum: 265350 60afc77cb49462de733571e482f382e5\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_i386.deb\r\n Size/MD5 checksum: 814686 fd8b952b2874720e7100389a31304c59\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_i386.deb\r\n Size/MD5 checksum: 944018 d1ba99a57b122c10a6034bc83a1d67b2\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_i386.deb\r\n Size/MD5 checksum: 33792 b8d60b1ddb516e18e3ac61ddc193eb76\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 1144372 8583ec92c578ac683aad8ff72152b94b\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 320072 8b43a5d5822218a7f9ca3b511b2716db\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 926002 6a66ba9defdcb34f4fc342876e733de2\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 48094 4d41b116318ea3aae2da591f23d22c52\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_ia64.deb\r\n Size/MD5 checksum: 1150510 52a05539fce0e748057d24b3c997e2b4\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mips.deb\r\n Size/MD5 checksum: 34202 49252fce1bf324705bc740ae1b820fa3\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mips.deb\r\n Size/MD5 checksum: 998980 3d509c62961a29d451a6648fcec33532\r\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mips.deb\r\n Size/MD5 checksum: 811724 ed7e05077455ad2c90e9a900823da0f1\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mips.deb\r\n Size/MD5 checksum: 831574 02fab2fc9b79ffbf799c802f2f6dc49e\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mips.deb\r\n Size/MD5 checksum: 258152 639973a57b46a4419f5d5f0717ccb5ee\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 34176 068fbd9ceb4b6d0232707e3f471f3c0c\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 252608 c788547b91387dc325097d96d288abee\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 975516 c11e341b7c028654eb4b81b393458ff1\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 821792 8c027b694a20a55ca78431e4fc856e91\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb\r\n Size/MD5 checksum: 809286 a35af5958b2aede1077c1a3ce0bcb204\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 285720 7015c9c368c1d752d54e15df9d075a43\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 950416 e64bf35e8dcf5605274787e54e93b5e8\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 834658 f5b6339e52c5e2bd4effcbbd1a711150\r\n 
\r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 789910 b02c1d8f170007a4a9d0b2e27ebbb5f8\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_powerpc.deb\r\n Size/MD5 checksum: 42048 63e5e8b5d101aedbc7f4607254919d30\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_s390.deb\r\n Size/MD5 checksum: 38086 ae40946c4e649cee47bd9fc49dcbfc43\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_s390.deb\r\n Size/MD5 checksum: 762626 8a2f284489110517888404537b5953de\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_s390.deb\r\n Size/MD5 checksum: 854026 4af78786f69d6c1cc940af0a987e032b\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_s390.deb\r\n Size/MD5 checksum: 967838 e7694d2ac7bb121513c025a3061dab5d\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_s390.deb\r\n Size/MD5 checksum: 297650 d9ff3087bdd5044e1abab79452415405\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 803746 c1881041958779fa17ec25db7fdd8ef5\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 727250 e04f246ad1c7cf824500dd061196d396\r\n \r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 278918 42ccaad60937c813e9a4ee4d9c0b7b44\r\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 845174 8dce349048ecc7b8c629c4dcc105cf41\r\n 
\r\nhttp://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_sparc.deb\r\n Size/MD5 checksum: 36424 65928e2b85e17b98e969ef11be6003fd\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkqAbQ8ACgkQHYflSXNkfP9UKQCfeIoaHmzeByVm0aMNOkJDCRrj\r\npCMAn04vZ2z1S9bqabWAvG0hwXyb2iTE\r\n=oA8y\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-08-11T00:00:00", "published": "2009-08-11T00:00:00", "id": "SECURITYVULNS:DOC:22293", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22293", "title": "[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "Memory use-after-free, stack overflow (exhaustion).", "edition": 1, "modified": "2009-08-11T00:00:00", "published": "2009-08-11T00:00:00", "id": "SECURITYVULNS:VULN:10136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10136", "title": "libxml multiple security vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "- 
--------------------------------------------------------------------------\nDebian Security Advisory DSA-1861-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 13th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libxml\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE IDs : CVE-2009-2416 CVE-2009-2414\n\nRauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly arbitrary\ncode execution in the application using the library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nAn XML document with specially-crafted Notation or Enumeration attribute\ntypes in a DTD definition leads to the use of pointers to memory areas\nwhich have already been freed (CVE-2009-2416).\n\nMissing checks for the depth of ELEMENT DTD definitions when parsing\nchild content can lead to extensive stack-growth due to a function\nrecursion which can be triggered via a crafted XML document (CVE-2009-2414).\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.8.17-14+etch1.\n\nThe stable (lenny), testing (squeeze) and unstable (sid) distributions\ndo not contain libxml anymore but libxml2 for which DSA-1859-1 has been\nreleased.\n\n\nWe recommend that you upgrade your libxml packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 
GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.diff.gz\n Size/MD5 checksum: 366268 512cbc5adce12b54741cadd80e62eb7d\n http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz\n Size/MD5 checksum: 1016403 b8f01e43e1e03dec37dfd6b4507a9568\n http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.dsc\n Size/MD5 checksum: 716 26bf8a9d037f583d4a9dc1dab5aa4792\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_alpha.deb\n Size/MD5 checksum: 429312 749dda70c33689b70d13469f6c3357ac\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_alpha.deb\n Size/MD5 checksum: 233288 02b88e80b91681e956cb4ab19acfeca6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_amd64.deb\n Size/MD5 checksum: 223558 ceb0d44c5a6a50373af43359e83667e7\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_amd64.deb\n Size/MD5 checksum: 383872 fc52303783696d53c20999a82e962bd7\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_arm.deb\n Size/MD5 checksum: 356830 43860080fa42274a3d7ad649a6dea3fd\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_arm.deb\n Size/MD5 checksum: 197970 63134af5530d4ab6f1a41046136ea62d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_hppa.deb\n Size/MD5 checksum: 429646 938ea12262d6fe02426a8d59f5242794\n 
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_hppa.deb\n Size/MD5 checksum: 240036 52f8f7e7c277f0b37fdba7e4b1609f19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_i386.deb\n Size/MD5 checksum: 212762 b25bde43ee075fa743b1f037a43919b8\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_i386.deb\n Size/MD5 checksum: 364460 0d3f3229b87c1b2d2ff614679d805600\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_ia64.deb\n Size/MD5 checksum: 498736 7fa5b542dcd264d899ea0b49cdf4ffdc\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_ia64.deb\n Size/MD5 checksum: 315918 7e2351fbb88e55dcabcd4bbca3bb26c0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mips.deb\n Size/MD5 checksum: 411816 f32a3c2d678a256691a7a6b300467eeb\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mips.deb\n Size/MD5 checksum: 209842 603a443d76deb3bafea7e288f102d2bb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mipsel.deb\n Size/MD5 checksum: 408602 36e9600b0be7e846b4788cd475413858\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mipsel.deb\n Size/MD5 checksum: 210312 e78866fce8cdc8fd0854203a73f50a6e\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_powerpc.deb\n Size/MD5 checksum: 213862 5a6fde00e79c0ab8a873f0f0d2bfc028\n http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_powerpc.deb\n Size/MD5 checksum: 388622 c93294decb6b25bb4c3fe43dc0fa25e2\n\ns390 architecture (IBM S/390)\n\n 
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_s390.deb\n Size/MD5 checksum: 387402 43844dfcb0401e9fd1ac3d4c80281f83\n http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_s390.deb\n Size/MD5 checksum: 226562 c9da4865e04f157ceacde8f59b040f28\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 13, "modified": "2009-08-13T20:44:39", "published": "2009-08-13T20:44:39", "id": "DEBIAN:DSA-1861-1:E92AF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00178.html", "title": "[SECURITY] [DSA 1861-1] New libxml packages fix several issues", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1859-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 10th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE IDs : CVE-2009-2416 CVE-2009-2414\n\nRauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml2, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly arbitrary\ncode execution in the application using the library. 
The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nAn XML document with specially-crafted Notation or Enumeration attribute\ntypes in a DTD definition leads to the use of pointers to memory areas\nwhich have already been freed (CVE-2009-2416).\n\nMissing checks for the depth of ELEMENT DTD definitions when parsing\nchild content can lead to extensive stack-growth due to a function\nrecursion which can be triggered via a crafted XML document (CVE-2009-2414).\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-6+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz\n Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.dsc\n Size/MD5 checksum: 913 09efeb00dc3ad837c65ed86a2270261b\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.diff.gz\n Size/MD5 checksum: 147012 
e5df821d4cc929b2ef8c7100059715d5\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6+etch1_all.deb\n Size/MD5 checksum: 1322916 726ca29b7ee850c407ac321f2ea112c7\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_alpha.deb\n Size/MD5 checksum: 917136 f4cfcb4f316490b18974cecd8868aced\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_alpha.deb\n Size/MD5 checksum: 184768 e475a83dc482cf3763af2f06cd00e7e1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_alpha.deb\n Size/MD5 checksum: 882132 5573e7841564516216b7ac6bb2d8cf63\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_alpha.deb\n Size/MD5 checksum: 37990 5ab687646663b3719626727176029ba8\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_alpha.deb\n Size/MD5 checksum: 821362 fd53ce835d76a42bd2adcffad97fe4a6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_amd64.deb\n Size/MD5 checksum: 36920 dceee52173b5c868003e83884eed8b7e\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_amd64.deb\n Size/MD5 checksum: 891488 9871349948186c2c2abb61a74628877e\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_amd64.deb\n Size/MD5 checksum: 797442 07005f45dcc655a7aac198b8ef177565\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_amd64.deb\n Size/MD5 checksum: 746350 5af6719d16da6860f581346997577139\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_amd64.deb\n Size/MD5 checksum: 184048 77365844e9195b07ac51b98d9ffde0b8\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_arm.deb\n Size/MD5 checksum: 34680 86beed99d8058d792400e5d5bed13574\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_arm.deb\n Size/MD5 checksum: 817634 41a02c48c5e88107975a39b0f02e053d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_arm.deb\n Size/MD5 checksum: 673336 95d92fe53aa97cf9f335c791977f57f7\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_arm.deb\n Size/MD5 checksum: 165294 d3ca946df34d74b52398f13984f3ddfb\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_arm.deb\n Size/MD5 checksum: 742362 fa86898a7ef0fb0cbd6d82fcafc3d886\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_hppa.deb\n Size/MD5 checksum: 37436 735cfc6512d435e2b08adf4b3699a0be\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_hppa.deb\n Size/MD5 checksum: 864542 cf7d6d7b8851af4bb42731d36421d0dd\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_hppa.deb\n Size/MD5 checksum: 850264 1b911c0030934b91a71774e1fa998739\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_hppa.deb\n Size/MD5 checksum: 858456 a0779deeb7af435d275cc64f830b3b3e\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_hppa.deb\n Size/MD5 checksum: 192316 99987ff2ff350f931b5ab681bd3baf0c\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_i386.deb\n Size/MD5 checksum: 756686 72c9b7142946ee133dc11e68589d6030\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_i386.deb\n Size/MD5 checksum: 34738 
f444021901f01813c9cfbc34b2b251bf\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_i386.deb\n Size/MD5 checksum: 682498 5e2b370fb8043b2ea70c3baad068454d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_i386.deb\n Size/MD5 checksum: 857416 756808f106e97fe4a2572164f0af6fff\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_i386.deb\n Size/MD5 checksum: 169728 2e5e83f725d10c94e3d971f75d657416\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_ia64.deb\n Size/MD5 checksum: 196538 a0e332f9af106987ba5d9188faaa6043\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_ia64.deb\n Size/MD5 checksum: 1106826 5b9c4fcc856734ae53a5e5bc23df87d6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_ia64.deb\n Size/MD5 checksum: 874266 5ac25182055c936cb0c41727470503b7\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_ia64.deb\n Size/MD5 checksum: 48502 548ec8a13d753639ed35c18a2bfb1351\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_ia64.deb\n Size/MD5 checksum: 1080804 20f8d6955ca957b04274e54a8eceb247\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mips.deb\n Size/MD5 checksum: 841350 2859f5df144f2f00a01471db5c8a565d\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mips.deb\n Size/MD5 checksum: 171640 195e04a6148265482fe114684c3fb288\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mips.deb\n Size/MD5 checksum: 34428 226b53d817ff2c40e229a07e3a4e64a0\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mips.deb\n Size/MD5 checksum: 771046 4deccca8499335b45239d11e4a96e4de\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mips.deb\n Size/MD5 checksum: 926988 4f35522366c2f765f7c513ee4d912d63\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mipsel.deb\n Size/MD5 checksum: 34404 5ef9faea763c8f56a9ea0c413ca3ec28\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mipsel.deb\n Size/MD5 checksum: 168694 90fb2deb233b8bfea3fc8a220ec1a092\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mipsel.deb\n Size/MD5 checksum: 833350 0f010d569fc5ea79522faf440c428838\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mipsel.deb\n Size/MD5 checksum: 898632 dad49d9f3170bd9cd3cf7711ae03fd99\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mipsel.deb\n Size/MD5 checksum: 769482 b79657714956fa0c913e21ab4da964f7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_powerpc.deb\n Size/MD5 checksum: 780328 ea5cee0b67522d2356f6c6754dd16982\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_powerpc.deb\n Size/MD5 checksum: 172738 e3a4bafab2ce8c709611c1d8c4ade6b1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_powerpc.deb\n Size/MD5 checksum: 771204 214bccabba3319d13bc0e0326ee20d5d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_powerpc.deb\n Size/MD5 checksum: 898180 d71ee456739a07f4c2a165cf5c23c39d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_powerpc.deb\n Size/MD5 
checksum: 37672 796e04e32fde7bbe155842d2c10c2b8d\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_s390.deb\n Size/MD5 checksum: 750344 aabb8eb831d7eef11b52b1e54f6740a0\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_s390.deb\n Size/MD5 checksum: 885566 c20f903a49fb4a879ba17248145012ee\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_s390.deb\n Size/MD5 checksum: 36374 7814b80c96c04a9c9df1d47f853874eb\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_s390.deb\n Size/MD5 checksum: 185726 8360cbc7380594a8b92c45ef65656071\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_s390.deb\n Size/MD5 checksum: 806552 cccadb108b979c08780e436a164f76cd\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_sparc.deb\n Size/MD5 checksum: 761918 554b6c93e5277f5bd985c8d55f4599ff\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_sparc.deb\n Size/MD5 checksum: 712642 ff0e3fa668d7e77d28fd9a3a02155993\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_sparc.deb\n Size/MD5 checksum: 781992 14c09d25e1df5a79c7b068daf3c4281d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_sparc.deb\n Size/MD5 checksum: 34668 e678b72f4a60616259bf51e3e5292969\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_sparc.deb\n Size/MD5 checksum: 176694 01affac870551a1bb69646cf2e706d7b\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource 
archives:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.diff.gz\n Size/MD5 checksum: 84662 a769c08774d7fe51e12c01f46db03e1f\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz\n Size/MD5 checksum: 3425843 bb11c95674e775b791dab2d15e630fa4\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.dsc\n Size/MD5 checksum: 1352 ede126e827fe756a6d2dc2612b5c066b\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny1_all.deb\n Size/MD5 checksum: 1335218 bc7c1d7159d8f38dcec80b33f10b018b\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_alpha.deb\n Size/MD5 checksum: 920578 032c89af4f6f01016914355212e13f55\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_alpha.deb\n Size/MD5 checksum: 920528 43c8e3456db24d3b829ce37dd08559cc\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_alpha.deb\n Size/MD5 checksum: 856598 19d34579024997bfdf51660560320f23\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_alpha.deb\n Size/MD5 checksum: 38034 2a58c66e3812236863accc85de3a6bdc\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_alpha.deb\n Size/MD5 checksum: 292786 0eb8422bc6fb6b252c114e40edac7242\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_amd64.deb\n Size/MD5 checksum: 987308 937c2041b3a01b730c3b4e20a3b88fa6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_amd64.deb\n Size/MD5 checksum: 860528 882be5e34ecaf4bbf6ba6697485b2f9f\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_amd64.deb\n Size/MD5 checksum: 775280 a573ee15451c4063323ea09c46538fb0\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_amd64.deb\n Size/MD5 checksum: 37644 d780afdf19c341c6c3cc7095745b816a\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_amd64.deb\n Size/MD5 checksum: 295274 44514b7d080c3ebf42136e6e9cb08f79\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_arm.deb\n Size/MD5 checksum: 35172 afafb8a17cacd2eebe0c1f34ce4a19ed\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_arm.deb\n Size/MD5 checksum: 685494 27eb0011b60841a0e3e28e3988cec39b\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_arm.deb\n Size/MD5 checksum: 782486 21b876c4cd6b08fa57bc6841636c52a7\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_arm.deb\n Size/MD5 checksum: 246212 01e21f08d1ad33a21881f5a9d39f2cf1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_arm.deb\n Size/MD5 checksum: 898974 71676ee73bee1530a4db8f5ce500312f\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_armel.deb\n Size/MD5 checksum: 907962 26de957cc9b4f46c620dae22ef41dd5d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_armel.deb\n Size/MD5 checksum: 791576 23d808d4133ece9adc9635154a120099\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_armel.deb\n Size/MD5 checksum: 246716 87699a3f216f521f4f4f43846c0666d6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_armel.deb\n Size/MD5 checksum: 692700 
53ad0e171b17de90a5449841ef137c35\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_armel.deb\n Size/MD5 checksum: 34508 141c99e1b2257894fba7a4d9a5d1d1b1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_hppa.deb\n Size/MD5 checksum: 37620 9efff6376c156805b4d62cd7fb3e332a\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_hppa.deb\n Size/MD5 checksum: 867368 23a3da9637ad6098b72f6db9ce75df29\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_hppa.deb\n Size/MD5 checksum: 888948 7a19da4f1a82df3d8b73e4cb91b03418\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_hppa.deb\n Size/MD5 checksum: 299222 51ff0803a6d43a2b74c93f094bac49e5\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_hppa.deb\n Size/MD5 checksum: 931184 1fdc38b3b7964164b3570e9624e55ab4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_i386.deb\n Size/MD5 checksum: 698650 5ad8f30a41069977e7ccca7fefadb570\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_i386.deb\n Size/MD5 checksum: 265350 60afc77cb49462de733571e482f382e5\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_i386.deb\n Size/MD5 checksum: 814686 fd8b952b2874720e7100389a31304c59\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_i386.deb\n Size/MD5 checksum: 944018 d1ba99a57b122c10a6034bc83a1d67b2\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_i386.deb\n Size/MD5 checksum: 33792 b8d60b1ddb516e18e3ac61ddc193eb76\n\nia64 architecture (Intel ia64)\n\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_ia64.deb\n Size/MD5 checksum: 1144372 8583ec92c578ac683aad8ff72152b94b\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_ia64.deb\n Size/MD5 checksum: 320072 8b43a5d5822218a7f9ca3b511b2716db\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_ia64.deb\n Size/MD5 checksum: 926002 6a66ba9defdcb34f4fc342876e733de2\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_ia64.deb\n Size/MD5 checksum: 48094 4d41b116318ea3aae2da591f23d22c52\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_ia64.deb\n Size/MD5 checksum: 1150510 52a05539fce0e748057d24b3c997e2b4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mips.deb\n Size/MD5 checksum: 34202 49252fce1bf324705bc740ae1b820fa3\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mips.deb\n Size/MD5 checksum: 998980 3d509c62961a29d451a6648fcec33532\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mips.deb\n Size/MD5 checksum: 811724 ed7e05077455ad2c90e9a900823da0f1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mips.deb\n Size/MD5 checksum: 831574 02fab2fc9b79ffbf799c802f2f6dc49e\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mips.deb\n Size/MD5 checksum: 258152 639973a57b46a4419f5d5f0717ccb5ee\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mipsel.deb\n Size/MD5 checksum: 34176 068fbd9ceb4b6d0232707e3f471f3c0c\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb\n 
Size/MD5 checksum: 252608 c788547b91387dc325097d96d288abee\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mipsel.deb\n Size/MD5 checksum: 975516 c11e341b7c028654eb4b81b393458ff1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mipsel.deb\n Size/MD5 checksum: 821792 8c027b694a20a55ca78431e4fc856e91\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb\n Size/MD5 checksum: 809286 a35af5958b2aede1077c1a3ce0bcb204\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb\n Size/MD5 checksum: 285720 7015c9c368c1d752d54e15df9d075a43\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_powerpc.deb\n Size/MD5 checksum: 950416 e64bf35e8dcf5605274787e54e93b5e8\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb\n Size/MD5 checksum: 834658 f5b6339e52c5e2bd4effcbbd1a711150\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_powerpc.deb\n Size/MD5 checksum: 789910 b02c1d8f170007a4a9d0b2e27ebbb5f8\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_powerpc.deb\n Size/MD5 checksum: 42048 63e5e8b5d101aedbc7f4607254919d30\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_s390.deb\n Size/MD5 checksum: 38086 ae40946c4e649cee47bd9fc49dcbfc43\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_s390.deb\n Size/MD5 checksum: 762626 8a2f284489110517888404537b5953de\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_s390.deb\n Size/MD5 checksum: 854026 4af78786f69d6c1cc940af0a987e032b\n 
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_s390.deb\n Size/MD5 checksum: 967838 e7694d2ac7bb121513c025a3061dab5d\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_s390.deb\n Size/MD5 checksum: 297650 d9ff3087bdd5044e1abab79452415405\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_sparc.deb\n Size/MD5 checksum: 803746 c1881041958779fa17ec25db7fdd8ef5\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_sparc.deb\n Size/MD5 checksum: 727250 e04f246ad1c7cf824500dd061196d396\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_sparc.deb\n Size/MD5 checksum: 278918 42ccaad60937c813e9a4ee4d9c0b7b44\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_sparc.deb\n Size/MD5 checksum: 845174 8dce349048ecc7b8c629c4dcc105cf41\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_sparc.deb\n Size/MD5 checksum: 36424 65928e2b85e17b98e969ef11be6003fd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-08-10T18:59:12", "published": "2009-08-10T18:59:12", "id": "DEBIAN:DSA-1859-1:A7A8F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00176.html", "title": "[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues", "type": "debian", "cvss": {"score": 4.3, 
"vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:07:00", "description": "Updated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing and manipulating XML files. A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 27, "published": "2009-08-11T00:00:00", "title": "RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-08-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:libxml", "p-cpe:/a:redhat:enterprise_linux:libxml2-devel", "p-cpe:/a:redhat:enterprise_linux:libxml-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:libxml2-python", "p-cpe:/a:redhat:enterprise_linux:libxml2"], "id": "REDHAT-RHSA-2009-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/40544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1206. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40544);\n script_version(\"1.38\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_xref(name:\"RHSA\", value:\"2009:1206\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing and manipulating XML files. A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. 
For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1206\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1206\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"libxml-1.8.17-9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-2.5.10-15\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-devel-2.5.10-15\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-python-2.5.10-15\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-2.6.16-12.7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-devel-2.6.16-12.7\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-python-2.6.16-12.7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-2.6.26-2.1.2.8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-devel-2.6.26-2.1.2.8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libxml2-python-2.6.26-2.1.2.8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libxml2-python-2.6.26-2.1.2.8\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.26-2.1.2.8\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml / libxml-devel / libxml2 / libxml2-devel / libxml2-python\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:15", "description": "Multiple vulnerabilities has been found and corrected in libxml :\n\nStack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,\n2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent\nattackers to cause a denial of service (application crash) via a large\ndepth of element declarations in a DTD, related to a function\nrecursion, as demonstrated by the Codenomicon XML fuzzing framework\n(CVE-2009-2414).\n\nMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,\n2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent\nattackers to cause a denial of service (application crash) via crafted\n(1) Notation or (2) Enumeration attribute types in an XML file, as\ndemonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).\n\nThis update provides a solution to these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "edition": 25, "published": "2009-08-13T00:00:00", "title": "Mandriva Linux Security Advisory : libxml (MDVSA-2009:200-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-08-13T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libxml2-utils", "p-cpe:/a:mandriva:linux:lib64xml2-devel", "p-cpe:/a:mandriva:linux:lib64xml1", "p-cpe:/a:mandriva:linux:lib64xml2_2", "p-cpe:/a:mandriva:linux:libxml1", 
"p-cpe:/a:mandriva:linux:libxml2_2", "p-cpe:/a:mandriva:linux:libxml1-devel", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libxml2-devel", "p-cpe:/a:mandriva:linux:libxml2-python", "p-cpe:/a:mandriva:linux:lib64xml1-devel"], "id": "MANDRIVA_MDVSA-2009-200.NASL", "href": "https://www.tenable.com/plugins/nessus/40584", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:200. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40584);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_bugtraq_id(36010);\n script_xref(name:\"MDVSA\", value:\"2009:200-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml (MDVSA-2009:200-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libxml :\n\nStack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,\n2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent\nattackers to cause a denial of service (application crash) via a large\ndepth of element declarations in a DTD, related to a function\nrecursion, as demonstrated by the Codenomicon XML fuzzing framework\n(CVE-2009-2414).\n\nMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,\n2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent\nattackers to cause a denial of service (application crash) via crafted\n(1) Notation or (2) 
Enumeration attribute types in an XML file, as\ndemonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).\n\nThis update provides a solution to these vulnerabilities.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml1-1.8.17-11.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml1-devel-1.8.17-11.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.6.30-1.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.6.30-1.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml1-1.8.17-11.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml1-devel-1.8.17-11.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml2-devel-2.6.30-1.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libxml2-python-2.6.30-1.6mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libxml2-utils-2.6.30-1.6mdv2008.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml2_2-2.6.30-1.6mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:32", "description": "This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. (CVE-2009-2414)", "edition": 24, "published": "2009-10-06T00:00:00", "title": "openSUSE 10 Security Update : libxml (libxml-6477)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-10-06T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:libxml-devel", "p-cpe:/a:novell:opensuse:libxml", "p-cpe:/a:novell:opensuse:libxml-32bit"], "id": "SUSE_LIBXML-6477.NASL", "href": "https://www.tenable.com/plugins/nessus/42020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxml-6477.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42020);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n\n script_name(english:\"openSUSE 10 Security Update : libxml (libxml-6477)\");\n script_summary(english:\"Check for the libxml-6477 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. (CVE-2009-2414)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch 
!~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libxml-1.8.17-450.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"libxml-devel-1.8.17-450.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"libxml-32bit-1.8.17-450.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:44:28", "description": "CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by\nparsing root XML element DTD definition\n\nCVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free\nflaws by parsing Notation and Enumeration attribute types\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). 
(CVE-2009-2416)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090810_LIBXML_AND_LIBXML2_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60637);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n\n script_name(english:\"Scientific Linux Security Update : libxml and libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by\nparsing root XML element DTD definition\n\nCVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free\nflaws by parsing Notation and Enumeration attribute types\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). 
(CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovid a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0908&L=scientific-linux-errata&T=0&P=314\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28ca566b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"libxml-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-2.5.10-15\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-devel-2.5.10-15\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-python-2.5.10-15\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"libxml2-2.6.16-12.7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-devel-2.6.16-12.7\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-python-2.6.16-12.7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libxml2-2.6.26-2.1.2.8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-devel-2.6.26-2.1.2.8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-python-2.6.26-2.1.2.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:44:40", "description": "From Red Hat Security Advisory 2009:1206 :\n\nUpdated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing and manipulating XML files. A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-devel", "p-cpe:/a:oracle:linux:libxml", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:libxml-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:libxml2"], "id": "ORACLELINUX_ELSA-2009-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/67909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1206 and \n# Oracle Linux Security Advisory ELSA-2009-1206 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67909);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_xref(name:\"RHSA\", value:\"2009:1206\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : libxml / libxml2 (ELSA-2009-1206)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1206 :\n\nUpdated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing 
and manipulating XML files. A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001106.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001112.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml and / or libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml2-2.5.10-15.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-2.5.10-15.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", 
cpu:\"i386\", reference:\"libxml2-devel-2.5.10-15.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-devel-2.5.10-15.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml2-python-2.5.10-15.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-python-2.5.10-15.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"libxml2-2.6.16-12.7.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-devel-2.6.16-12.7.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-python-2.6.16-12.7.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libxml2-2.6.26-2.1.2.8.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-devel-2.6.26-2.1.2.8.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-python-2.6.26-2.1.2.8.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml / libxml-devel / libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:45:36", "description": "Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly\narbitrary code execution in the application using the library. 
The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-2416\n An XML document with specially crafted Notation or\n Enumeration attribute types in a DTD definition leads to\n the use of pointers to memory areas which have already\n been freed.\n\n - CVE-2009-2414\n Missing checks for the depth of ELEMENT DTD definitions\n when parsing child content can lead to extensive\n stack-growth due to a function recursion which can be\n triggered via a crafted XML document.", "edition": 27, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1861-1 : libxml - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:libxml"], "id": "DEBIAN_DSA-1861.NASL", "href": "https://www.tenable.com/plugins/nessus/44726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1861. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44726);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_bugtraq_id(36010);\n script_xref(name:\"DSA\", value:\"1861\");\n\n script_name(english:\"Debian DSA-1861-1 : libxml - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly\narbitrary code execution in the application using the library. 
The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2009-2416\n An XML document with specially crafted Notation or\n Enumeration attribute types in a DTD definition leads to\n the use of a pointers to memory areas which have already\n been freed.\n\n - CVE-2009-2414\n Missing checks for the depth of ELEMENT DTD definitions\n when parsing child content can lead to extensive\n stack-growth due to a function recursion which can be\n triggered via a crafted XML document.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1861\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml packages.\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 1.8.17-14+etch1.\n\nThe stable (lenny), testing (squeeze) and unstable (sid) distribution\ndo not contain libxml anymore but libxml2 for which DSA-1859-1 has\nbeen released.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libxml-dev\", reference:\"1.8.17-14+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml1\", reference:\"1.8.17-14+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:02:25", "description": "This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. 
(CVE-2009-2414)", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : libxml.rpm (YOU Patch Number 12504)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12504.NASL", "href": "https://www.tenable.com/plugins/nessus/41325", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41325);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n\n script_name(english:\"SuSE9 Security Update : libxml.rpm (YOU Patch Number 12504)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. 
(CVE-2009-2414)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2414.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2416.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12504.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libxml-1.8.17-366.8\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxml-devel-1.8.17-366.8\")) flag++;\nif 
(rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libxml-32bit-9-200909081614\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:51", "description": "Updated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing and manipulating XML files. A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "edition": 27, "published": "2009-08-11T00:00:00", "title": "CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-08-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml", "p-cpe:/a:centos:centos:libxml2-python", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libxml-devel", "cpe:/o:centos:centos:3", "p-cpe:/a:centos:centos:libxml2-devel"], "id": "CENTOS_RHSA-2009-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/40533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1206 and \n# CentOS Errata and Security Advisory 2009:1206 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40533);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_xref(name:\"RHSA\", value:\"2009:1206\");\n\n script_name(english:\"CentOS 3 / 5 : libxml / libxml2 (CESA-2009:1206)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml and libxml2 packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nlibxml is a library for parsing and manipulating XML files. 
A Document\nType Definition (DTD) defines the legal syntax (and also which\nelements can be used) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root\nXML document element definition in a DTD. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could\nprovide a specially crafted XML file, which once opened by a local,\nunsuspecting user, would lead to denial of service (application\ncrash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For Red Hat Enterprise\nLinux 3, they contain backported patches for the libxml and libxml2\npackages. For Red Hat Enterprise Linux 4 and 5, they contain\nbackported patches for the libxml2 packages. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016068.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0912e0a2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016069.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?949956dd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016074.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d815001e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016075.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b3add37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml and / or libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/11\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libxml-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libxml-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libxml-devel-1.8.17-9.3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libxml2-2.5.10-15\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libxml2-2.5.10-15\")) flag++;\nif 
(rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libxml2-devel-2.5.10-15\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libxml2-devel-2.5.10-15\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"libxml2-python-2.5.10-15\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"libxml2-python-2.5.10-15\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-2.6.26-2.1.2.8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-devel-2.6.26-2.1.2.8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-python-2.6.26-2.1.2.8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml / libxml-devel / libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:32", "description": "This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. 
(CVE-2009-2414)", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : libxml (ZYPP Patch Number 6482)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBXML-6482.NASL", "href": "https://www.tenable.com/plugins/nessus/51756", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51756);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n\n script_name(english:\"SuSE 10 Security Update : libxml (ZYPP Patch Number 6482)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libxml does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. 
(CVE-2009-2414)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2414.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2416.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6482.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libxml-1.8.17-387.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"libxml-32bit-1.8.17-387.7\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:04:51", "description": "This update of libxml2 does not use pointers after they were freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. (CVE-2009-2414)", "edition": 24, "published": "2009-08-12T00:00:00", "title": "openSUSE Security Update : libxml2 (libxml2-1175)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "modified": "2009-08-12T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-32bit", "p-cpe:/a:novell:opensuse:libxml2"], "id": "SUSE_11_1_LIBXML2-090807.NASL", "href": "https://www.tenable.com/plugins/nessus/40575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libxml2-1175.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40575);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (libxml2-1175)\");\n script_summary(english:\"Check for the libxml2-1175 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libxml2 does not use pointers after they were 
freed\nanymore. (CVE-2009-2416) Additionally a stack-based buffer overflow\nwas fixed while parsing the root XML document. (CVE-2009-2414)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=528007\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif 
(!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxml2-2.7.1-9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libxml2-devel-2.7.1-9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.1-9.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.7.1-9.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-27T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1206.\n\nlibxml is a library for parsing and manipulating XML files. A Document Type\nDefinition (DTD) defines the legal syntax (and also which elements can be\nused) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root XML\ndocument element definition in a DTD. A remote attacker could provide a\nspecially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. 
A remote attacker could provide\na specially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues. For Red Hat Enterprise Linux 3, they\ncontain backported patches for the libxml and libxml2 packages. For Red Hat\nEnterprise Linux 4 and 5, they contain backported patches for the libxml2\npackages. The desktop must be restarted (log out, then log back in) for\nthis update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64596", "href": "http://plugins.openvas.org/nasl.php?oid=64596", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1206", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1206.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1206 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1206.\n\nlibxml is a library for parsing and manipulating XML files. A Document Type\nDefinition (DTD) defines the legal syntax (and also which elements can be\nused) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root XML\ndocument element definition in a DTD. A remote attacker could provide a\nspecially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could provide\na specially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues. For Red Hat Enterprise Linux 3, they\ncontain backported patches for the libxml and libxml2 packages. For Red Hat\nEnterprise Linux 4 and 5, they contain backported patches for the libxml2\npackages. The desktop must be restarted (log out, then log back in) for\nthis update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64596);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1206\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1206.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml\", rpm:\"libxml~1.8.17~9.3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml-debuginfo\", rpm:\"libxml-debuginfo~1.8.17~9.3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml-devel\", rpm:\"libxml-devel~1.8.17~9.3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~15\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.5.10~15\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~15\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~15\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.16~12.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.7\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.2.8\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.2.8\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.2.8\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.2.8\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "Check for the Version of libxml2", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880794", "href": "http://plugins.openvas.org/nasl.php?oid=880794", "type": "openvas", "title": "CentOS Update for 
libxml2 CESA-2009:1206 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2009:1206 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libxml is a library for parsing and manipulating XML files. A Document Type\n Definition (DTD) defines the legal syntax (and also which elements can be\n used) for certain types of files, such as XML files.\n\n A stack overflow flaw was found in the way libxml processes the root XML\n document element definition in a DTD. A remote attacker could provide a\n specially-crafted XML file, which once opened by a local, unsuspecting\n user, would lead to denial of service (application crash). (CVE-2009-2414)\n \n Multiple use-after-free flaws were found in the way libxml parses the\n Notation and Enumeration attribute types. A remote attacker could provide\n a specially-crafted XML file, which once opened by a local, unsuspecting\n user, would lead to denial of service (application crash). 
(CVE-2009-2416)\n \n Users should upgrade to these updated packages, which contain backported\n patches to resolve these issues. For Red Hat Enterprise Linux 3, they\n contain backported patches for the libxml and libxml2 packages. For Red Hat\n Enterprise Linux 4 and 5, they contain backported patches for the libxml2\n packages. The desktop must be restarted (log out, then log back in) for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libxml2 on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-August/016074.html\");\n script_id(880794);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1206\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_name(\"CentOS Update for libxml2 CESA-2009:1206 centos5 i386\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n 
exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update to libxml2\nannounced via advisory DSA 1859-1.", "modified": "2017-07-07T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64638", "href": "http://plugins.openvas.org/nasl.php?oid=64638", "type": "openvas", "title": "Debian Security Advisory DSA 1859-1 (libxml2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1859_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1859-1 (libxml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml2, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly arbitrary\ncode execution in the application using the library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nAn XML document with specially-crafted Notation or Enumeration attribute\ntypes in a DTD definition leads to the use of a pointers to memory areas\nwhich have already been freed (CVE-2009-2416).\n\nMissing checks for the depth of ELEMENT DTD definitions when parsing\nchild content can lead to extensive stack-growth due to a function\nrecursion which can be triggered via a crafted XML document (CVE-2009-2414).\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-6+etch1.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny1.\n\nFor the testing (squeeze) and unstable (sid) distribution, this problem\nwill be fixed soon.\n\n\nWe recommend that you upgrade your libxml2 packages.\";\ntag_summary = \"The remote host is missing an update to libxml2\nannounced via advisory DSA 1859-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201859-1\";\n\n\nif(description)\n{\n script_id(64638);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2416\", \"CVE-2009-2414\");\n 
script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1859-1 (libxml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.27.dfsg-6+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.6.32.dfsg-5+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update to libxml\nannounced via advisory MDVSA-2009:200-1.", "modified": "2018-04-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:136141256231066392", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066392", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:200-1 (libxml)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_200_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:200-1 (libxml)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libxml:\n\nStack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,\n2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent\nattackers to cause a denial of service (application crash) via a\nlarge depth of element declarations in a DTD, related to a function\nrecursion, as demonstrated by the Codenomicon XML fuzzing framework\n(CVE-2009-2414).\n\nMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,\n2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent\nattackers to cause a denial of service (application crash) via crafted\n(1) Notation or (2) Enumeration attribute types in an XML file, as\ndemonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).\n\nThis update provides a solution to these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:200-1\";\ntag_summary = \"The remote host is missing an update to libxml\nannounced via advisory MDVSA-2009:200-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66392\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:200-1 (libxml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update for the 'libxml' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880755", "type": "openvas", "title": "CentOS Update for libxml CESA-2009:1206 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml CESA-2009:1206 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute 
it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-August/016068.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880755\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1206\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_name(\"CentOS Update for libxml CESA-2009:1206 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"libxml on CentOS 3\");\n script_tag(name:\"insight\", value:\"libxml 
is a library for parsing and manipulating XML files. A Document Type\n Definition (DTD) defines the legal syntax (and also which elements can be\n used) for certain types of files, such as XML files.\n\n A stack overflow flaw was found in the way libxml processes the root XML\n document element definition in a DTD. A remote attacker could provide a\n specially-crafted XML file, which once opened by a local, unsuspecting\n user, would lead to denial of service (application crash). (CVE-2009-2414)\n\n Multiple use-after-free flaws were found in the way libxml parses the\n Notation and Enumeration attribute types. A remote attacker could provide\n a specially-crafted XML file, which once opened by a local, unsuspecting\n user, would lead to denial of service (application crash). (CVE-2009-2416)\n\n Users should upgrade to these updated packages, which contain backported\n patches to resolve these issues. For Red Hat Enterprise Linux 3, they\n contain backported patches for the libxml and libxml2 packages. For Red Hat\n Enterprise Linux 4 and 5, they contain backported patches for the libxml2\n packages. 
The desktop must be restarted (log out, then log back in) for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml\", rpm:\"libxml~1.8.17~9.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~15\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~15\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~15\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml-devel\", rpm:\"libxml-devel~1.8.17~9.3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update to libxml2\nannounced via advisory FEDORA-2009-8498.", "modified": "2017-07-10T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64626", "href": "http://plugins.openvas.org/nasl.php?oid=64626", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8498 (libxml2)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8498.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8498 (libxml2)\n#\n# Authors:\n# 
Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nTwo patches for parsing problems raised by Ficora\n\nChangeLog:\n\n* Mon Aug 10 2009 Daniel Veillard - 2.7.3-3\n- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update libxml2' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8498\";\ntag_summary = \"The remote host is missing an update to libxml2\nannounced via advisory FEDORA-2009-8498.\";\n\n\n\nif(description)\n{\n script_id(64626);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8498 (libxml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515195\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=515205\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.3~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.3~3.fc11\", rls:\"FC11\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.3~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.3~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.3~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing updates to libxml2 announced in\nadvisory CESA-2009:1206.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064662", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064662", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1206 (libxml2)", "sourceData": "#CESA-2009:1206 64662 4\n# $Id: ovcesa2009_1206.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1206 (libxml2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1206\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1206\nhttps://rhn.redhat.com/errata/RHSA-2009-1206.html\";\ntag_summary = \"The remote host is missing updates to libxml2 announced in\nadvisory CESA-2009:1206.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64662\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1206 (libxml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml\", rpm:\"libxml~1.8.17~9.3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~15\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~15\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~15\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml-devel\", rpm:\"libxml-devel~1.8.17~9.3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.2.8\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update to libxml\nannounced 
via advisory MDVSA-2009:200-1.", "modified": "2017-07-06T00:00:00", "published": "2009-12-10T00:00:00", "id": "OPENVAS:66392", "href": "http://plugins.openvas.org/nasl.php?oid=66392", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:200-1 (libxml)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_200_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:200-1 (libxml)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libxml:\n\nStack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,\n2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent\nattackers to cause a denial of service (application crash) via a\nlarge depth of element declarations in a DTD, related to a function\nrecursion, as demonstrated by the Codenomicon XML fuzzing framework\n(CVE-2009-2414).\n\nMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,\n2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent\nattackers to cause a denial of service (application crash) via crafted\n(1) Notation or (2) Enumeration attribute types in an XML file, as\ndemonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).\n\nThis update provides a solution to these vulnerabilities.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:200-1\";\ntag_summary = \"The remote host is missing an update to libxml\nannounced via advisory MDVSA-2009:200-1.\";\n\n \n\nif(description)\n{\n script_id(66392);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:200-1 (libxml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", 
rpm:\"libxml2-devel~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~11.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.30~1.6mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libxml\n libxml-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5058211 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65435", "href": "http://plugins.openvas.org/nasl.php?oid=65435", "type": "openvas", "title": "SLES9: Security update for libxml.rpm", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5058211.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for libxml.rpm\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libxml\n libxml-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5058211 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65435);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-2416\", \"CVE-2009-2414\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libxml.rpm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml\", rpm:\"libxml~1.8.17~366.8\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "The remote host is missing an update to libxml\nannounced via advisory MDVSA-2009:200.", "modified": "2017-07-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64608", "href": "http://plugins.openvas.org/nasl.php?oid=64608", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:200 (libxml)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_200.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:200 (libxml)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in libxml:\n\nStack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,\n2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent\nattackers to cause a denial of service (application crash) via a\nlarge depth of element declarations in a DTD, related to a function\nrecursion, as demonstrated by the Codenomicon XML fuzzing framework\n(CVE-2009-2414).\n\nMultiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,\n2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent\nattackers to cause a denial of service (application crash) via crafted\n(1) Notation or (2) Enumeration attribute types in an XML file, as\ndemonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\n Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:200\";\ntag_summary = \"The remote host is missing an update to libxml\nannounced via advisory MDVSA-2009:200.\";\n\n \n\nif(description)\n{\n script_id(64608);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2414\", \"CVE-2009-2416\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:200 (libxml)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~12.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~12.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", 
rpm:\"libxml2-devel~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~12.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~12.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.31~1.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~14.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~14.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~14.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~14.1mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.1~1.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~14.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~14.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~14.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~14.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.7.3~2.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~6.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~6.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~6.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~6.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2\", rpm:\"lib64xml2~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-python\", rpm:\"lib64xml2-python~2.6.6~1.7.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~8.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~8.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report 
+= res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~8.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~8.1.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2\", rpm:\"lib64xml2~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-python\", rpm:\"lib64xml2-python~2.6.21~3.6.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1\", rpm:\"libxml1~1.8.17~14.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml1-devel\", rpm:\"libxml1-devel~1.8.17~14.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1\", rpm:\"lib64xml1~1.8.17~14.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml1-devel\", rpm:\"lib64xml1-devel~1.8.17~14.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64xml2-devel\", 
rpm:\"lib64xml2-devel~2.7.1~1.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": " \nlibxml:\r\n \n[1:1.8.17-9.3]\r\n- fix a couple of crash\r\n- Resolves: rhbg#515226\r\n \nlibxml2:\r\n \n[2.6.26-2.1.2.8.0.1]\r\n- Add libxml2-enterprise.patch and update logos in tarball\r\n \n[2.6.26-2.1.2.8]\r\n- Fix a couple of crash CVE-2009-2414 and CVE-2009-2416\r\n- Resolves: rhbz#515236", "edition": 4, "modified": "2009-08-10T00:00:00", "published": "2009-08-10T00:00:00", "id": "ELSA-2009-1206", "href": "http://linux.oracle.com/errata/ELSA-2009-1206.html", "title": "libxml and libxml2 security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "### Background\n\nlibxml2 is a library to manipulate XML files. \n\n### Description\n\nThe following vulnerabilities were reported after a test with the Codenomicon XML fuzzing framework: \n\n * Two use-after-free vulnerabilities are possible when parsing a XML file with Notation or Enumeration attribute types (CVE-2009-2416). \n * A stack consumption vulnerability can be triggered via a large depth of element declarations in a DTD, related to a function recursion (CVE-2009-2414). \n\n### Impact\n\nA remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2 resulting in a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.7.3-r2\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since August 30, 2009. It is likely that your system is already no longer affected by this issue.", "edition": 1, "modified": "2010-09-21T00:00:00", "published": "2010-09-21T00:00:00", "id": "GLSA-201009-07", "href": "https://security.gentoo.org/glsa/201009-07", "type": "gentoo", "title": "libxml2: Denial of Service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "MinGW Windows libxml2 XML processing library. ", "modified": "2009-08-15T08:17:15", "published": "2009-08-15T08:17:15", "id": "FEDORA:4664810F876", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: mingw32-libxml2-2.7.3-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. 
", "modified": "2009-08-11T22:40:10", "published": "2009-08-11T22:40:10", "id": "FEDORA:1D4E010F8E7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libxml2-2.7.3-3.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0110", "CVE-2004-0989", "CVE-2009-2414", "CVE-2009-2416"], "description": "This library allows old Gnome-1 applications to manipulate XML files. ", "modified": "2009-08-15T08:20:49", "published": "2009-08-15T08:20:49", "id": "FEDORA:12C9F10F85B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libxml-1.8.17-24.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0110", "CVE-2004-0989", "CVE-2009-2414", "CVE-2009-2416"], "description": "This library allows old Gnome-1 applications to manipulate XML files. ", "modified": "2009-08-15T08:18:18", "published": "2009-08-15T08:18:18", "id": "FEDORA:9E4C010F868", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libxml-1.8.17-24.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4225", "CVE-2008-4226", "CVE-2009-2414", "CVE-2009-2416"], "description": "This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. 
", "modified": "2009-08-11T22:38:03", "published": "2009-08-11T22:38:03", "id": "FEDORA:042C510F8C4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: libxml2-2.7.3-2.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:20", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1206\n\n\nlibxml is a library for parsing and manipulating XML files. A Document Type\nDefinition (DTD) defines the legal syntax (and also which elements can be\nused) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root XML\ndocument element definition in a DTD. A remote attacker could provide a\nspecially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could provide\na specially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues. For Red Hat Enterprise Linux 3, they\ncontain backported patches for the libxml and libxml2 packages. For Red Hat\nEnterprise Linux 4 and 5, they contain backported patches for the libxml2\npackages. 
The desktop must be restarted (log out, then log back in) for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028106.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028107.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028112.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028113.html\n\n**Affected packages:**\nlibxml\nlibxml-devel\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1206.html", "edition": 4, "modified": "2009-08-11T21:21:58", "published": "2009-08-10T21:37:50", "href": "http://lists.centos.org/pipermail/centos-announce/2009-August/028106.html", "id": "CESA-2009:1206", "title": "libxml, libxml2 security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416"], "description": "libxml is a library for parsing and manipulating XML files. A Document Type\nDefinition (DTD) defines the legal syntax (and also which elements can be\nused) for certain types of files, such as XML files.\n\nA stack overflow flaw was found in the way libxml processes the root XML\ndocument element definition in a DTD. A remote attacker could provide a\nspecially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2414)\n\nMultiple use-after-free flaws were found in the way libxml parses the\nNotation and Enumeration attribute types. A remote attacker could provide\na specially-crafted XML file, which once opened by a local, unsuspecting\nuser, would lead to denial of service (application crash). (CVE-2009-2416)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to resolve these issues. 
For Red Hat Enterprise Linux 3, they\ncontain backported patches for the libxml and libxml2 packages. For Red Hat\nEnterprise Linux 4 and 5, they contain backported patches for the libxml2\npackages. The desktop must be restarted (log out, then log back in) for\nthis update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-08-10T04:00:00", "id": "RHSA-2009:1206", "href": "https://access.redhat.com/errata/RHSA-2009:1206", "type": "redhat", "title": "(RHSA-2009:1206) Moderate: libxml and libxml2 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-08T23:33:00", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414", "CVE-2009-2416", "CVE-2008-3529"], "description": "It was discovered that libxml2 did not correctly handle root XML document \nelement DTD definitions. If a user were tricked into processing a specially \ncrafted XML document, a remote attacker could cause the application linked \nagainst libxml2 to crash, leading to a denial of service. (CVE-2009-2414)\n\nIt was discovered that libxml2 did not correctly parse Notation and \nEnumeration attribute types. If a user were tricked into processing a \nspecially crafted XML document, a remote attacker could cause the \napplication linked against libxml2 to crash, leading to a denial of \nservice. (CVE-2009-2416)\n\nUSN-644-1 fixed a vulnerability in libxml2. This advisory provides the \ncorresponding update for Ubuntu 9.04.\n\nOriginal advisory details:\n\nIt was discovered that libxml2 did not correctly handle long entity names. \nIf a user were tricked into processing a specially crafted XML document, a \nremote attacker could execute arbitrary code with user privileges or cause \nthe application linked against libxml2 to crash, leading to a denial of \nservice. 
(CVE-2008-3529)", "edition": 5, "modified": "2009-08-11T00:00:00", "published": "2009-08-11T00:00:00", "id": "USN-815-1", "href": "https://ubuntu.com/security/notices/USN-815-1", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2416"], "description": "\nMultiple use-after-free vulnerabilities in libxml 1.8.17\n\t allow context-dependent attackers to cause a denial of service\n\t (application crash) via crafted (1) Notation or (2) Enumeration\n\t attribute types in an XML file.\n", "edition": 4, "modified": "2011-11-12T00:00:00", "published": "2009-08-03T00:00:00", "id": "CE4B3AF8-0B7C-11E1-846B-00235409FD3E", "href": "https://vuxml.freebsd.org/freebsd/ce4b3af8-0b7c-11e1-846b-00235409fd3e.html", "title": "libxml -- Multiple use-after-free vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2414"], "description": "\nA stack consumption vulnerability allows context-dependent\n\t attackers to cause a denial of service (application crash) via\n\t a large depth of element declarations in a DTD.\n", "edition": 4, "modified": "2011-11-12T00:00:00", "published": "2009-08-03T00:00:00", "id": "5A7D4110-0B7A-11E1-846B-00235409FD3E", "href": "https://vuxml.freebsd.org/freebsd/5a7d4110-0b7a-11e1-846b-00235409fd3e.html", "title": "libxml -- Stack consumption vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}