ID: ELSA-2013-0581
Type: oraclelinux
Reporter: Oracle
Modified: 2013-02-28T00:00:00
Description
[2.7.6-12.0.1.el6_4.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.7.6-12.el6_4.1]
- detect and stop excessive entities expansion upon replacement (rhbz#912574)
[2.7.6-12.el6]
- fix out of range heap access (CVE-2012-5134)
[2.7.6-11.el6]
- Change the XPath code to percolate allocation error (CVE-2011-1944)
[2.7.6-10.el6]
- Fix an off by one pointer access (CVE-2011-3102)
[2.7.6-9.el6]
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems (rhbz#843742)
- Fix entities local buffers size problems (rhbz#843742)
- Fix an error in previous commit (rhbz#843742)
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size (rhbz#843742)
- Impose a reasonable limit on comment size (rhbz#843742)
- Impose a reasonable limit on PI size (rhbz#843742)
- Cleanups and new limit APIs for dictionaries (rhbz#843742)
- Introduce some default parser limits (rhbz#843742)
- Implement some default limits in the XPath module
- Fixup limits parser (rhbz#843742)
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases (rhbz#843742)
- More avoid quadratic behaviour (rhbz#843742)
- Strengthen behaviour of the push parser in problematic situations (rhbz#843742)
- More fixups on the push parser behaviour (rhbz#843742)
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation
Related CVEs (NVD)

CVE-2012-5134
- Description: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
- CWE: CWE-119
- CVSS v2: 6.8 (MEDIUM), AV:N/AC:M/Au:N/C:P/I:P/A:P (exploitability 8.6, impact 6.4, user interaction required)
- Published: 2012-11-28T01:55:00; modified: 2017-08-29T01:32:00
- Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5134

CVE-2011-3102
- Description: Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
- CWE: CWE-189
- CVSS v2: 6.8 (MEDIUM), AV:N/AC:M/Au:N/C:P/I:P/A:P (exploitability 8.6, impact 6.4, user interaction required)
- Published: 2012-05-16T00:55:00; modified: 2017-12-29T02:29:00
- Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3102

CVE-2013-0338
- Description: libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
- Per http://www.ubuntu.com/usn/USN-1782-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, Ubuntu 8.04 LTS"
- Per http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html
- CWE: CWE-119
- CVSS v2: 4.3 (MEDIUM), AV:N/AC:M/Au:N/C:N/I:N/A:P (exploitability 8.6, impact 2.9, no user interaction required)
- Published: 2013-04-25T23:55:00; modified: 2018-10-30T16:27:00
- Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0338
"cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:02", "description": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.", "edition": 6, "cvss3": {}, "published": "2011-09-02T16:55:00", "title": "CVE-2011-1944", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1944"], "modified": "2016-06-17T01:59:00", "cpe": ["cpe:/a:xmlsoft:libxml2:2.7.4", "cpe:/a:xmlsoft:libxml:1.7.1", "cpe:/a:xmlsoft:libxml2:2.6.27", "cpe:/a:xmlsoft:libxml:1.8.0", "cpe:/a:xmlsoft:libxml2:2.6.17", "cpe:/a:xmlsoft:libxml:1.7.2", "cpe:/a:xmlsoft:libxml2:2.7.0", "cpe:/a:xmlsoft:libxml:1.5.0", "cpe:/a:xmlsoft:libxml2:2.6.7", "cpe:/a:xmlsoft:libxml2:2.6.2", "cpe:/a:xmlsoft:libxml:1.6.2", "cpe:/a:xmlsoft:libxml:1.8.4", "cpe:/a:xmlsoft:libxml:1.8.7", "cpe:/a:xmlsoft:libxml2:2.6.20", "cpe:/a:xmlsoft:libxml2:2.6.11", "cpe:/a:xmlsoft:libxml:1.8.10", "cpe:/a:xmlsoft:libxml2:2.7.5", "cpe:/a:xmlsoft:libxml2:2.6.32", "cpe:/a:xmlsoft:libxml:1.8.9", "cpe:/a:xmlsoft:libxml2:2.6.14", "cpe:/a:xmlsoft:libxml2:2.7.7", 
"cpe:/a:xmlsoft:libxml2:2.6.3", "cpe:/a:xmlsoft:libxml:1.6.0", "cpe:/a:xmlsoft:libxml2:2.6.18", "cpe:/a:xmlsoft:libxml:1.7.0", "cpe:/a:xmlsoft:libxml2:2.6.30", "cpe:/a:xmlsoft:libxml:1.8.5", "cpe:/a:xmlsoft:libxml2:2.6.13", "cpe:/a:xmlsoft:libxml:1.8.6", "cpe:/a:xmlsoft:libxml:1.8.1", "cpe:/a:xmlsoft:libxml:1.8.3", "cpe:/a:xmlsoft:libxml2:2.6.1", "cpe:/a:xmlsoft:libxml:1.7.4", "cpe:/a:xmlsoft:libxml2:2.6.22", "cpe:/a:xmlsoft:libxml2:2.6.12", "cpe:/a:xmlsoft:libxml2:2.6.26", "cpe:/a:xmlsoft:libxml:1.8.12", "cpe:/a:xmlsoft:libxml:1.8.2", "cpe:/a:xmlsoft:libxml2:2.6.8", "cpe:/a:xmlsoft:libxml:1.8.16", "cpe:/a:xmlsoft:libxml:1.8.15", "cpe:/a:xmlsoft:libxml:1.8.14", "cpe:/a:xmlsoft:libxml:1.8.8", "cpe:/a:xmlsoft:libxml2:2.7.3", "cpe:/a:xmlsoft:libxml2:2.7.8", "cpe:/a:xmlsoft:libxml2:2.6.9", "cpe:/a:xmlsoft:libxml:1.8.13", "cpe:/a:xmlsoft:libxml:1.6.1", "cpe:/a:xmlsoft:libxml2:2.7.2", "cpe:/a:xmlsoft:libxml:1.7.3", "cpe:/a:xmlsoft:libxml2:2.6.6", "cpe:/a:xmlsoft:libxml2:2.6.16", "cpe:/a:xmlsoft:libxml2:2.6.5", "cpe:/a:xmlsoft:libxml2:2.7.6", "cpe:/a:xmlsoft:libxml2:2.6.4", "cpe:/a:xmlsoft:libxml2:2.7.1", "cpe:/a:xmlsoft:libxml2:2.6.0", "cpe:/a:xmlsoft:libxml:1.8.11"], "id": "CVE-2011-1944", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1944", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-07T11:54:04", "description": "Multiple vulnerabilities was found and corrected in libxml2 :\n\nA heap-buffer overflow was found in the way libxml2 decoded certain\nXML entitites. A remote attacker could provide a specially crafted XML\nfile, which once opened in an application linked against libxml would\ncause that application to crash, or, potentially, execute arbitrary\ncode with the privileges of the user running the application\n(CVE-2012-5134).\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption (CVE-2013-0338).\n\nAn Off-by-one error in libxml2 allows remote attackers to cause a\ndenial of service (out-of-bounds write) or possibly have unspecified\nother impact via unknown vectors (CVE-2011-3102).\n\nMultiple integer overflows in libxml2, on 64-bit Linux platforms allow\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors (CVE-2012-2807).\n\nThe updated packages have been patched to correct these issues.", "edition": 25, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338", "CVE-2012-5134", "CVE-2011-3102", "CVE-2012-2807"], "modified": "2013-04-20T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libxml2-utils", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lib64xml2-devel", "p-cpe:/a:mandriva:linux:lib64xml2_2", 
"p-cpe:/a:mandriva:linux:libxml2-python"], "id": "MANDRIVA_MDVSA-2013-056.NASL", "href": "https://www.tenable.com/plugins/nessus/66070", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:056. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66070);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2011-3102\",\n \"CVE-2012-2807\",\n \"CVE-2012-5134\",\n \"CVE-2013-0338\"\n );\n script_bugtraq_id(\n 53540,\n 54718,\n 56684,\n 58180\n );\n script_xref(name:\"MDVSA\", value:\"2013:056\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was found and corrected in libxml2 :\n\nA heap-buffer overflow was found in the way libxml2 decoded certain\nXML entitites. A remote attacker could provide a specially crafted XML\nfile, which once opened in an application linked against libxml would\ncause that application to crash, or, potentially, execute arbitrary\ncode with the privileges of the user running the application\n(CVE-2012-5134).\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. 
A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption (CVE-2013-0338).\n\nAn Off-by-one error in libxml2 allows remote attackers to cause a\ndenial of service (out-of-bounds write) or possibly have unspecified\nother impact via unknown vectors (CVE-2011-3102).\n\nMultiple integer overflows in libxml2, on 64-bit Linux platforms allow\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors (CVE-2012-2807).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=912400\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable 
Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.7.8-14.20120229.2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.7.8-14.20120229.2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libxml2-python-2.7.8-14.20120229.2.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"libxml2-utils-2.7.8-14.20120229.2.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T03:35:39", "description": "According to its self-reported version number, the remote Junos device\nis affected by multiple vulnerabilities in the libxml2 library :\n\n - A heap-based buffer overflow vulnerability exists which\n can result in arbitrary code execution. (CVE-2011-1944)\n\n - A denial of service vulnerability exists which can\n result in excessive CPU consumption. 
(CVE-2012-0841)\n\n - A heap-based buffer overflow vulnerability exists in\n the 'xmlParseAttValueComplex' function which can result\n in arbitrary code execution. (CVE-2012-5134)\n\n - A denial of service vulnerability exists due to\n excessive CPU and memory consumption in the processing\n of XML files containing entity declarations with long\n replacement text (also known as 'internal entity\n expansion with linear complexity'). (CVE-2013-0338)\n\n - A denial of service vulnerability exists related to the\n XML_PARSER_EOF state checking. (CVE-2013-2877)\n\nThese vulnerabilities can be exploited by a remote attacker via a\nspecially crafted XML file.", "edition": 27, "published": "2015-01-23T00:00:00", "title": "Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338", "CVE-2012-5134", "CVE-2013-2877", "CVE-2012-0841", "CVE-2011-1944"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10669.NASL", "href": "https://www.tenable.com/plugins/nessus/80957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80957);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2011-1944\",\n \"CVE-2012-0841\",\n \"CVE-2012-5134\",\n \"CVE-2013-0338\",\n \"CVE-2013-2877\"\n );\n script_bugtraq_id(48056, 52107, 56684, 58180, 61050);\n\n script_name(english:\"Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)\");\n script_summary(english:\"Checks the Junos version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Junos device\nis affected by multiple vulnerabilities in the libxml2 library :\n\n - A heap-based buffer overflow 
vulnerability exists which\n can result in arbitrary code execution. (CVE-2011-1944)\n\n - A denial of service vulnerability exists which can\n result in excessive CPU consumption. (CVE-2012-0841)\n\n - A heap-based buffer overflow vulnerability exists in\n the 'xmlParseAttValueComplex' function which can result\n in arbitrary code execution. (CVE-2012-5134)\n\n - A denial of service vulnerability exists due to\n excessive CPU and memory consumption in the processing\n of XML files containing entity declarations with long\n replacement text (also known as 'internal entity\n expansion with linear complexity'). (CVE-2013-0338)\n\n - A denial of service vulnerability exists related to the\n XML_PARSER_EOF state checking. (CVE-2013-2877)\n\nThese vulnerabilities can be exploited by a remote attacker via a\nspecially crafted XML file.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos upgrade referenced in Juniper advisory\nJSA10669.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\n\nfixes = make_array();\nfixes['11.4'] = '11.4R13';\nfixes['12.1X44'] = '12.1X44-D35';\nfixes['12.1X45'] = '12.1X45-D30';\nfixes['12.1X46'] = '12.1X46-D25';\nfixes['12.1X47'] = '12.1X47-D10';\nfixes['12.2'] = '12.2R9';\nfixes['12.3'] = '12.3R7';\nfixes['13.1'] = '13.1R4-S2';\nfixes['13.3'] = '13.3R3';\nfixes['14.1'] = '14.1R2';\nfixes['14.2'] = '14.2R1';\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\n# This isn't necessary, but is included in the advisory\nif (fix == \"12.1X44-D35\")\n fix = \"12.1X44-D35 or 12.1X44-D40\";\n\nif (report_verbosity > 0)\n{\n report = get_report(ver:ver, fix:fix);\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:43:08", "description": "libxml2 has been updated to fix the following security issue :\n\n - CVE-2013-0338: libxml2 allowed context-dependent\n attackers to cause a denial of service (CPU and memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many\n references to this entity, aka 'internal entity\n expansion' with linear complexity.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "published": "2015-05-20T00:00:00", "title": "SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0339", "CVE-2013-0338", "CVE-2012-5134", "CVE-2011-3919", "CVE-2013-2877", "CVE-2011-3102", "CVE-2012-0841", "CVE-2012-2807"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2-python", "p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-devel", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2013-1627-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2013:1627-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83599);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3102\", \"CVE-2011-3919\", \"CVE-2012-0841\", \"CVE-2012-2807\", \"CVE-2012-5134\", \"CVE-2013-0338\", \"CVE-2013-0339\", \"CVE-2013-2877\");\n script_bugtraq_id(51300, 52107, 53540, 54203, 54718, 56684, 58180, 59000, 61041, 61050);\n\n script_name(english:\"SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 has been updated to fix the following security issue :\n\n - CVE-2013-0338: libxml2 allowed context-dependent\n attackers to cause a denial of service (CPU and 
memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many\n references to this entity, aka 'internal entity\n expansion' with linear complexity.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=aeb05c467f847178dc94b70e3bc77cc8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdc8f74f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3102.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3919.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0841.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-5134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0338.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0339.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2877.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/829077\"\n );\n # https://www.suse.com/support/update/announcement/2013/suse-su-20131627-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18ac0600\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 
libxml2 packages\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! ereg(pattern:\"^4$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-devel-32bit-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"libxml2-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"libxml2-devel-2.6.23-15.39.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"libxml2-python-2.6.23-15.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:48:43", "description": "The remote VMware ESXi 5.0 host is affected by the following\nvulnerabilities :\n\n - An off-by-one overflow condition exists in the\n xmlXPtrEvalXPtrPart() function due to improper\n validation of user-supplied 
input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted XML file, to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2011-3102)\n\n - Multiple integer overflow conditions exist due to\n improper validation of user-supplied input when handling\n overly long strings. An unauthenticated, remote\n attacker can exploit this, via a specially crafted XML\n file, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2012-2807)\n\n - A heap-based underflow condition exists in the bundled\n libxml2 library due to incorrect parsing of strings not\n containing an expected space. A remote attacker can\n exploit this, via a specially crafted XML document, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2012-5134)\n\n - A privilege escalation vulnerability exists due to\n improper handling of control code in the lgtosync.sys\n driver. A local attacker can exploit this to escalate\n privileges on Windows-based 32-bit guest operating\n systems. 
(CVE-2013-3519)", "edition": 27, "published": "2013-11-13T00:00:00", "title": "ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3519", "CVE-2012-5134", "CVE-2011-3102", "CVE-2012-2807"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:vmware:esxi"], "id": "VMWARE_ESXI_5_0_BUILD_1022489_REMOTE.NASL", "href": "https://www.tenable.com/plugins/nessus/70877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70877);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2011-3102\",\n \"CVE-2012-2807\",\n \"CVE-2012-5134\",\n \"CVE-2013-3519\"\n );\n script_bugtraq_id(\n 53540,\n 54718,\n 56684,\n 64075\n );\n script_xref(name:\"VMSA\", value:\"2013-0001\");\n script_xref(name:\"VMSA\", value:\"2013-0004\");\n script_xref(name:\"VMSA\", value:\"2013-0014\");\n\n script_name(english:\"ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)\");\n script_summary(english:\"Checks ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESXi 5.0 host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESXi 5.0 host is affected by the following\nvulnerabilities :\n\n - An off-by-one overflow condition exists in the\n xmlXPtrEvalXPtrPart() function due to improper\n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted XML file, to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2011-3102)\n\n - Multiple integer overflow conditions exist due to\n improper validation of user-supplied input when handling\n overly long strings. 
An unauthenticated, remote\n attacker can exploit this, via a specially crafted XML\n file, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2012-2807)\n\n - A heap-based underflow condition exists in the bundled\n libxml2 library due to incorrect parsing of strings not\n containing an expected space. A remote attacker can\n exploit this, via a specially crafted XML document, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2012-5134)\n\n - A privilege escalation vulnerability exists due to\n improper handling of control code in the lgtosync.sys\n driver. A local attacker can exploit this escalate\n privileges on Windows-based 32-bit guest operating\n systems. (CVE-2013-3519)\");\n # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2044378\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac4c6a1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2013-0001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2013-0004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2013-0014.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply patch ESXi500-201303101-SG.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-3519\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is (C) 2013-2019 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\n\nif (\"ESXi\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi\");\nif (\"VMware ESXi 5.0\" >!< rel) audit(AUDIT_OS_NOT, \"ESXi 5.0\");\n\nmatch = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);\nif (isnull(match)) exit(1, 'Failed to extract the ESXi build number.');\n\nbuild = int(match[1]);\nfixed_build = 1022489;\n\nif (build < fixed_build)\n{\n if (report_verbosity > 0)\n {\n report = '\\n ESXi version : ' + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse exit(0, \"The host has \"+ver+\" build \"+build+\" and thus is not affected.\");\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:16", "description": "The remote host is affected by the vulnerability described in GLSA-201311-06\n(libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n document with an application linked against libxml2, possibly resulting\n in execution of arbitrary code with the privileges of the process or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2013-11-11T00:00:00", "title": "GLSA-201311-06 : libxml2: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2871", "CVE-2013-0338", "CVE-2012-5134", "CVE-2013-2877", "CVE-2013-1969", "CVE-2013-1664"], "modified": "2013-11-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libxml2"], "id": "GENTOO_GLSA-201311-06.NASL", "href": "https://www.tenable.com/plugins/nessus/70836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-06.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70836);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2871\", \"CVE-2012-5134\", \"CVE-2013-0338\", \"CVE-2013-1664\", \"CVE-2013-1969\", \"CVE-2013-2877\");\n script_bugtraq_id(55331, 56684, 58180, 58892, 59265, 61050);\n script_xref(name:\"GLSA\", value:\"201311-06\");\n\n script_name(english:\"GLSA-201311-06 : libxml2: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-06\n(libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n document with an application linked against libxml2, possibly resulting\n in execution of arbitrary code with the privileges of the process or a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libxml2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.9.1-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libxml2\", unaffected:make_list(\"ge 2.9.1-r1\"), vulnerable:make_list(\"lt 2.9.1-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:12:05", "description": "Updated libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.", "edition": 24, "published": "2013-03-01T00:00:00", "title": "RHEL 5 / 6 : libxml2 (RHSA-2013:0581)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "modified": "2013-03-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:libxml2-devel", "p-cpe:/a:redhat:enterprise_linux:libxml2-python", "p-cpe:/a:redhat:enterprise_linux:libxml2-static", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:libxml2"], "id": "REDHAT-RHSA-2013-0581.NASL", "href": "https://www.tenable.com/plugins/nessus/64945", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0581. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64945);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0338\");\n script_bugtraq_id(58180);\n script_xref(name:\"RHSA\", value:\"2013:0581\");\n\n script_name(english:\"RHEL 5 / 6 : libxml2 (RHSA-2013:0581)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0338\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0581\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-debuginfo-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-devel-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libxml2-python-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libxml2-python-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.26-2.1.21.el5_9.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-debuginfo-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libxml2-devel-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libxml2-python-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"libxml2-python-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libxml2-python-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"libxml2-static-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"libxml2-static-2.7.6-12.el6_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libxml2-static-2.7.6-12.el6_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:01:03", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - libxml2 2.9.0 and earlier allows context-dependent\n attackers to cause a denial of service (CPU and memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many\n references to this entity, aka 'internal entity\n expansion' with linear complexity. 
(CVE-2013-0338)", "edition": 25, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_0338_denial_of)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "modified": "2015-01-19T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:libxml2"], "id": "SOLARIS11_LIBXML2_20130716.NASL", "href": "https://www.tenable.com/plugins/nessus/80690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80690);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0338\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_0338_denial_of)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - libxml2 2.9.0 and earlier allows context-dependent\n attackers to cause a denial of service (CPU and memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many\n references to this entity, aka 'internal entity\n expansion' with linear complexity. 
(CVE-2013-0338)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2013-0338-denial-of-service-dos-vulnerability-in-libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.7.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libxml2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libxml2$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.7.0.5.0\", 
sru:\"SRU 11.1.7.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libxml2\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libxml2\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:26:26", "description": "libxml2 was updated to limit internal entity expansion denial of\nservice problems (IXE) (CVE-2013-0338) (bnc#805233)", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libxml2 (openSUSE-SU-2013:0552-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-32bit", "p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:libxml2", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit"], "id": "OPENSUSE-2013-263.NASL", "href": "https://www.tenable.com/plugins/nessus/74946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
openSUSE-2013-263.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74946);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0338\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-SU-2013:0552-1)\");\n script_summary(english:\"Check for the openSUSE-2013-263 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 was updated to limit internal entity expansion denial of\nservice problems (IXE) (CVE-2013-0338) (bnc#805233)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=805233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libxml2-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libxml2-debuginfo-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libxml2-debugsource-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libxml2-devel-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-32bit-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.7.8+git20110708-3.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libxml2-2-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libxml2-2-debuginfo-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.2\", reference:\"libxml2-debugsource-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libxml2-devel-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libxml2-tools-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libxml2-tools-debuginfo-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-libxml2-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-libxml2-debuginfo-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-libxml2-debugsource-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.7.8+git20120223-8.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-2-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-2-debuginfo-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-debugsource-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-devel-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-tools-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libxml2-tools-debuginfo-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-libxml2-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-libxml2-debuginfo-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-libxml2-debugsource-2.9.0-2.5.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.0-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.0-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T07:25:49", "description": "It was discovered that libxml2 incorrectly handled XML entity\nexpansion. An attacker could use this flaw to cause libxml2 to consume\nlarge amounts of resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-03-29T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1782-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libxml2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1782-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1782-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65730);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0338\");\n script_bugtraq_id(58180);\n script_xref(name:\"USN\", value:\"1782-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : libxml2 vulnerability (USN-1782-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libxml2 incorrectly handled XML entity\nexpansion. An attacker could use this flaw to cause libxml2 to consume\nlarge amounts of resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1782-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libxml2\", pkgver:\"2.6.31.dfsg-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libxml2\", pkgver:\"2.7.6.dfsg-1ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-4ubuntu0.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-5.1ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libxml2\", pkgver:\"2.8.0+dfsg1-5ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:47:48", "description": "From Red Hat Security Advisory 2013:0581 :\n\nUpdated 
libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : libxml2 (ELSA-2013-0581)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-static", "p-cpe:/a:oracle:linux:libxml2-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:libxml2"], "id": "ORACLELINUX_ELSA-2013-0581.NASL", "href": "https://www.tenable.com/plugins/nessus/68767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0581 and \n# Oracle Linux Security Advisory ELSA-2013-0581 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68767);\n script_version(\"1.11\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0338\");\n script_bugtraq_id(48056, 53540, 56684, 58180);\n script_xref(name:\"RHSA\", value:\"2013:0581\");\n\n script_name(english:\"Oracle Linux 5 / 6 : libxml2 (ELSA-2013-0581)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0581 :\n\nUpdated libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, would\nlead to excessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003308.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003319.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-2.6.26-2.1.21.0.1.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-devel-2.6.26-2.1.21.0.1.el5_9.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-python-2.6.26-2.1.21.0.1.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"libxml2-2.7.6-12.0.1.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-devel-2.7.6-12.0.1.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libxml2-python-2.7.6-12.0.1.el6_4.1\")) flag++;\nif (rpm_check(release:\"EL6\", 
reference:\"libxml2-static-2.7.6-12.0.1.el6_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338", "CVE-2012-5134", "CVE-2013-2877", "CVE-2012-0841", "CVE-2011-1944"], "description": "Multiple vulnerabilities in the libxml version used by Junos OS.", "modified": "2018-10-26T00:00:00", "published": "2015-01-23T00:00:00", "id": "OPENVAS:1361412562310105943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105943", "type": "openvas", "title": "Junos Multiple xml2 Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_JSA10669.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Junos Multiple libxml2 Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105943\");\n script_cve_id(\"CVE-2011-1944\", \"CVE-2012-5134\", \"CVE-2012-0841\", \"CVE-2013-2877\", \"CVE-2013-0338\");\n script_bugtraq_id(48056, 56684, 52107, 61050, 58180);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 12106 $\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Junos Multiple xml2 Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10669\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities in the libxml version used by Junos OS.\");\n\n script_tag(name:\"impact\", value:\"The vulnerabilities may lead to DoS attacks or arbitrary code\nexecution.\");\n\n script_tag(name:\"insight\", value:\"libxml2 has been updated from 2.7.6 to 2.9.1 in Junos OS to\naddress multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper.\");\n script_tag(name:\"affected\", value:\"Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.3 and 14.1\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-23 10:32:34 +0700 (Fri, 23 Jan 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"JunOS Local Security 
Checks\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (revcomp(a:version, b:\"11.4R13\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n}\n\nif (version =~ \"^12\") {\n if (revcomp(a:version, b:\"12.1X44-D35\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X45-D30\") < 0) &&\n (revcomp(a:version, b:\"12.1X45\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X46-D25\") < 0) &&\n (revcomp(a:version, b:\"12.1X46\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.1X47-D10\") < 0) &&\n (revcomp(a:version, b:\"12.1X47\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.2R9\") < 0) &&\n (revcomp(a:version, b:\"12.2\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"12.3R7\") < 0) &&\n (revcomp(a:version, b:\"12.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a:version, b:\"13.1R4-S2\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n else if ((revcomp(a:version, b:\"13.3R3\") < 0) &&\n (revcomp(a:version, b:\"13.3\") >= 0)) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a:version, b:\"14.1R2\") < 0) {\n security_message(port:0, data:version);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": 
["CVE-2012-2871", "CVE-2013-0338", "CVE-2012-5134", "CVE-2013-2877", "CVE-2013-1969", "CVE-2013-1664"], "description": "Gentoo Linux Local Security Checks GLSA 201311-06", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121065", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201311-06", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121065\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:16 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-06\");\n script_cve_id(\"CVE-2012-2871\", \"CVE-2012-5134\", \"CVE-2013-0338\", \"CVE-2013-1664\", \"CVE-2013-1969\", \"CVE-2013-2877\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/libxml2\", unaffected: make_list(\"ge 2.9.1-r1\"), vulnerable: 
make_list(\"lt 2.9.1-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:1361412562310881647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881647", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2013:0581 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2013:0581 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019627.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881647\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:39 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0581\");\n script_name(\"CentOS Update for libxml2 CESA-2013:0581 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox providing the implementation\n of various XML standards.\n\n A denial of service flaw was found in the way libxml2 performed string\n substitutions when entity values for entity references replacement was\n enabled. 
A remote attacker could provide a specially-crafted XML file that,\n when processed by an application linked against libxml2, would lead to\n excessive CPU consumption. (CVE-2013-0338)\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain a backported patch to correct this issue. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:1361412562310870946", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870946", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2013:0581-01", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2013:0581-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00083.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870946\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:42:50 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0581-01\");\n script_name(\"RedHat Update for libxml2 RHSA-2013:0581-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox providing the implementation\n of various XML standards.\n\n A denial of service flaw was found in the way libxml2 performed string\n substitutions when entity values for entity references replacement was\n enabled. A remote attacker could provide a specially-crafted XML file that,\n when processed by an application linked against libxml2, would lead to\n excessive CPU consumption. (CVE-2013-0338)\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain a backported patch to correct this issue. 
The desktop must\n be restarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:02:05", "bulletinFamily": "scanner", "cvelist": 
["CVE-2013-0338"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120136", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-188)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120136\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:21 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-188)\");\n script_tag(name:\"insight\", value:\"libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka internal entity expansion with linear complexity.\");\n script_tag(name:\"solution\", value:\"Run yum update libxml2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-188.html\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.8~10.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.8~10.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.8~10.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.8~10.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.8~10.26.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-02-06T13:10:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "Check for the Version of libxml2", "modified": "2018-02-05T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:881617", "href": "http://plugins.openvas.org/nasl.php?oid=881617", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2013:0581 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2013:0581 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards.\n\n A denial of service flaw was found in the way libxml2 performed string\n substitutions when entity values for entity references replacement was\n enabled. A remote attacker could provide a specially-crafted XML file that,\n when processed by an application linked against libxml2, would lead to\n excessive CPU consumption. (CVE-2013-0338)\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain a backported patch to correct this issue. 
The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"libxml2 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019260.html\");\n script_id(881617);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:43:19 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0581\");\n script_name(\"CentOS Update for libxml2 CESA-2013:0581 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.21.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.21.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.21.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "Check for the Version of libxml2", "modified": "2018-01-26T00:00:00", "published": "2013-04-02T00:00:00", "id": "OPENVAS:841380", "href": "http://plugins.openvas.org/nasl.php?oid=841380", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-1782-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1782_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# Ubuntu Update for libxml2 USN-1782-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"libxml2 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_insight = \"It was discovered that libxml2 incorrectly handled XML entity expansion.\n An attacker could use this flaw to cause libxml2 to consume large amounts\n of resources, resulting in a denial of service.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1782-1/\");\n script_id(841380);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:27:22 +0530 (Tue, 02 Apr 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1782-1\");\n script_name(\"Ubuntu Update for libxml2 USN-1782-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-5.1ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-4ubuntu0.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.6.dfsg-1ubuntu1.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.31.dfsg-2ubuntu1.12\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-5ubuntu2.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "Check for the Version of libxml2", "modified": "2017-07-10T00:00:00", "published": "2013-03-12T00:00:00", "id": "OPENVAS:881647", "href": "http://plugins.openvas.org/nasl.php?oid=881647", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2013:0581 
centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2013:0581 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards.\n\n A denial of service flaw was found in the way libxml2 performed string\n substitutions when entity values for entity references replacement was\n enabled. A remote attacker could provide a specially-crafted XML file that,\n when processed by an application linked against libxml2, would lead to\n excessive CPU consumption. (CVE-2013-0338)\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain a backported patch to correct this issue. 
The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"libxml2 on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019627.html\");\n script_id(881647);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:39 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0581\");\n script_name(\"CentOS Update for libxml2 CESA-2013:0581 centos6 \");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~12.el6_4.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "Oracle Linux Local Security Checks ELSA-2013-0581", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123687", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0581.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123687\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:14 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0581\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0581 - libxml2 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0581\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0581.html\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.21.0.1.el5_9.1\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.21.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.21.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~12.0.1.el6_4.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~12.0.1.el6_4.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~12.0.1.el6_4.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.7.6~12.0.1.el6_4.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-26T11:10:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0338"], "description": "Check for the Version of libxml2", "modified": "2018-01-25T00:00:00", "published": "2013-03-05T00:00:00", "id": "OPENVAS:870946", "href": "http://plugins.openvas.org/nasl.php?oid=870946", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2013:0581-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2013:0581-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards.\n\n A denial of service flaw was found in the way libxml2 performed string\n substitutions when entity values for entity references replacement was\n enabled. A remote attacker could provide a specially-crafted XML file that,\n when processed by an application linked against libxml2, would lead to\n excessive CPU consumption. (CVE-2013-0338)\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain a backported patch to correct this issue. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\n\ntag_affected = \"libxml2 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00083.html\");\n script_id(870946);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-05 09:42:50 +0530 (Tue, 05 Mar 2013)\");\n script_cve_id(\"CVE-2013-0338\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0581-01\");\n script_name(\"RedHat Update for libxml2 RHSA-2013:0581-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.7.6~12.el6_4.1\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.7.6~12.el6_4.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.21.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:21:38", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0339", "CVE-2013-0338", "CVE-2012-5134", "CVE-2011-3919", "CVE-2013-2877", "CVE-2011-3102", "CVE-2012-0841", "CVE-2012-2807"], "edition": 1, "description": "This is a LTSS rollup update for the libxml2 library that\n fixes various security issues.\n\n *\n\n CVE-2013-2877: parser.c in libxml2 allowed remote\n attackers to cause a denial of service (out-of-bounds read)\n via a document that ends abruptly, related to the lack of\n certain checks for the XML_PARSER_EOF state.\n\n *\n\n CVE-2013-0338: libxml2 allowed context-dependent\n attackers to cause a denial of service (CPU and memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many references\n to this entity, aka 
"internal entity expansion" with linear\n complexity.\n\n *\n\n CVE-2012-5134: Heap-based buffer underflow in the\n xmlParseAttValueComplex function in parser.c in libxml2\n allowed remote attackers to cause a denial of service or\n possibly execute arbitrary code via crafted entities in an\n XML document.\n\n *\n\n CVE-2012-2807: Multiple integer overflows in libxml2\n on 64-bit Linux platforms allowed remote attackers to cause\n a denial of service or possibly have unspecified other\n impact via unknown vectors.\n\n *\n\n CVE-2011-3102: Off-by-one error in libxml2 allowed\n remote attackers to cause a denial of service\n (out-of-bounds write) or possibly have unspecified other\n impact via unknown vectors.\n\n *\n\n CVE-2012-0841: libxml2 computed hash values without\n restricting the ability to trigger hash collisions\n predictably, which allows context-dependent attackers to\n cause a denial of service (CPU consumption) via crafted XML\n data.\n\n *\n\n CVE-2011-3919: A heap-based buffer overflow during\n decoding of entity references with overly long names has\n been fixed.\n", "modified": "2013-11-04T17:04:12", "published": "2013-11-04T17:04:12", "id": "SUSE-SU-2013:1625-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00000.html", "type": "suse", "title": "Security update for libxml2 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:18:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0339", "CVE-2013-0338", "CVE-2012-5134", "CVE-2011-3919", "CVE-2013-2877", "CVE-2011-3102", "CVE-2012-0841", "CVE-2012-2807"], "description": "libxml2 has been updated to fix the following security\n issue:\n\n * CVE-2013-0338: libxml2 allowed context-dependent\n attackers to cause a denial of service (CPU and memory\n consumption) via an XML file containing an entity\n declaration with long replacement text and many references\n to this entity, aka "internal 
entity expansion" with linear\n complexity.\n", "edition": 1, "modified": "2013-11-04T18:04:12", "published": "2013-11-04T18:04:12", "id": "SUSE-SU-2013:1627-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html", "type": "suse", "title": "Security update for libxml2 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:54:56", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "A Heap-based buffer underflow in the\n xmlParseAttValueComplex function in parser.c in libxml2\n allowed remote attackers to cause a denial of service or\n possibly execute arbitrary code via crafted entities in an\n XML document.\n\n", "edition": 1, "modified": "2013-01-23T14:07:38", "published": "2013-01-23T14:07:38", "id": "OPENSUSE-SU-2013:0178-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html", "type": "suse", "title": "libxml2: fixed buffer overflow during decoding entities (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "A Heap-based buffer underflow in the\n xmlParseAttValueComplex function in parser.c in libxml2\n allowed remote attackers to cause a denial of service or\n possibly execute arbitrary code via crafted entities in an\n XML document.\n\n", "edition": 1, "modified": "2012-12-17T12:08:33", "published": "2012-12-17T12:08:33", "id": "OPENSUSE-SU-2012:1647-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00014.html", "title": "libxml2: fixed buffer overflow during decoding entities (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], 
"description": "A heap-based buffer underflow in the entity decoding of\n libxml2 could have caused a Denial of Service or\n potentially allowed the execution of arbitrary code. This\n has been fixed.\n", "edition": 1, "modified": "2012-12-12T17:09:09", "published": "2012-12-12T17:09:09", "id": "SUSE-SU-2012:1636-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00010.html", "type": "suse", "title": "Security update for libxml2 (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2871", "CVE-2013-0338", "CVE-2012-5134", "CVE-2013-2877", "CVE-2013-1969", "CVE-2013-1664"], "edition": 1, "description": "### Background\n\nlibxml2 is the XML C parser and toolkit developed for the Gnome project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted document with an application linked against libxml2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.9.1-r1\"", "modified": "2013-11-10T00:00:00", "published": "2013-11-10T00:00:00", "id": "GLSA-201311-06", "href": "https://security.gentoo.org/glsa/201311-06", "type": "gentoo", "title": "libxml2: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0338"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially-crafted XML file that,\nwhen processed by an application linked against libxml2, would lead to\nexcessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:21", "published": "2013-02-28T05:00:00", "id": "RHSA-2013:0581", "href": "https://access.redhat.com/errata/RHSA-2013:0581", "type": "redhat", "title": "(RHSA-2013:0581) Moderate: libxml2 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T10:04:47", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-5134"], "description": "These packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows).\n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat's\ndiscretion and these packages may be removed in a future minor release.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. 
A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. 
A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\n", "modified": "2018-06-06T20:13:30", "published": "2013-01-31T05:00:00", "id": "RHSA-2013:0217", "href": "https://access.redhat.com/errata/RHSA-2013:0217", "type": "redhat", "title": "(RHSA-2013:0217) Important: mingw32-libxml2 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:24", "published": "2012-11-29T05:00:00", "id": "RHSA-2012:1512", "href": "https://access.redhat.com/errata/RHSA-2012:1512", "type": "redhat", "title": "(RHSA-2012:1512) Important: libxml2 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0338"], "description": "**Issue Overview:**\n\nlibxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity. \n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libxml2-debuginfo-2.7.8-10.26.amzn1.i686 \n libxml2-static-2.7.8-10.26.amzn1.i686 \n libxml2-devel-2.7.8-10.26.amzn1.i686 \n libxml2-2.7.8-10.26.amzn1.i686 \n libxml2-python-2.7.8-10.26.amzn1.i686 \n \n src: \n libxml2-2.7.8-10.26.amzn1.src \n \n x86_64: \n libxml2-static-2.7.8-10.26.amzn1.x86_64 \n libxml2-2.7.8-10.26.amzn1.x86_64 \n libxml2-devel-2.7.8-10.26.amzn1.x86_64 \n libxml2-debuginfo-2.7.8-10.26.amzn1.x86_64 \n libxml2-python-2.7.8-10.26.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-05-13T10:28:00", "published": "2013-05-13T10:28:00", "id": "ALAS-2013-188", "href": "https://alas.aws.amazon.com/ALAS-2013-188.html", "title": "Medium: libxml2", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "**Issue Overview:**\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. 
A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2012-5134 __](<https://access.redhat.com/security/cve/CVE-2012-5134>))\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libxml2-python-2.7.8-10.25.amzn1.i686 \n libxml2-static-2.7.8-10.25.amzn1.i686 \n libxml2-2.7.8-10.25.amzn1.i686 \n libxml2-debuginfo-2.7.8-10.25.amzn1.i686 \n libxml2-devel-2.7.8-10.25.amzn1.i686 \n \n src: \n libxml2-2.7.8-10.25.amzn1.src \n \n x86_64: \n libxml2-static-2.7.8-10.25.amzn1.x86_64 \n libxml2-debuginfo-2.7.8-10.25.amzn1.x86_64 \n libxml2-2.7.8-10.25.amzn1.x86_64 \n libxml2-python-2.7.8-10.25.amzn1.x86_64 \n libxml2-devel-2.7.8-10.25.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-12-06T21:22:00", "published": "2012-12-06T21:22:00", "id": "ALAS-2012-143", "href": "https://alas.aws.amazon.com/ALAS-2012-143.html", "title": "Important: libxml2", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0338"], "description": "It was discovered that libxml2 incorrectly handled XML entity expansion. 
\nAn attacker could use this flaw to cause libxml2 to consume large amounts \nof resources, resulting in a denial of service.", "edition": 5, "modified": "2013-03-28T00:00:00", "published": "2013-03-28T00:00:00", "id": "USN-1782-1", "href": "https://ubuntu.com/security/notices/USN-1782-1", "title": "libxml2 vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-18T01:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "It was discovered that libxml2 had a heap-based buffer underflow \nwhen parsing entities. If a user or automated system were tricked into \nprocessing a specially crafted XML document, applications linked against \nlibxml2 could be made to crash or possibly execute arbitrary code.", "edition": 6, "modified": "2012-12-06T00:00:00", "published": "2012-12-06T00:00:00", "id": "USN-1656-1", "href": "https://ubuntu.com/security/notices/USN-1656-1", "title": "Libxml2 vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:33:38", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3102"], "description": "Juri Aedla discovered that libxml2 contained an off by one error in its \nXPointer functionality. 
If a user or application linked against libxml2 \nwere tricked into opening a specially crafted XML file, an attacker could \ncause the application to crash or possibly execute arbitrary code with the \nprivileges of the user invoking the program.", "edition": 5, "modified": "2012-05-21T00:00:00", "published": "2012-05-21T00:00:00", "id": "USN-1447-1", "href": "https://ubuntu.com/security/notices/USN-1447-1", "title": "libxml2 vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-0338"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:017\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : libxml2\r\n Date : March 5, 2013\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been found and corrected in libxml2:\r\n \r\n A denial of service flaw was found in the way libxml2 performed string\r\n substitutions when entity values for entity references replacement\r\n was enabled. 
A remote attacker could provide a specially-crafted XML\r\n file that, when processed by an application linked against libxml2,\r\n would lead to excessive CPU consumption (CVE-2013-0338).\r\n \r\n The updated packages have been upgraded to the 2.7.6 version and\r\n patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338\r\n https://bugzilla.redhat.com/show_bug.cgi?id=912400\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFRNhDTmqjQ0CJFipgRAlxVAKCI3IVADRuzzTIMvzJUSncEaExDCQCfZmRn\r\nx9DDDoGvOVCAPJpfCum3F0M=\r\n=qxLm\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "SECURITYVULNS:DOC:29160", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29160", "title": "[ MDVSA-2013:017 ] libxml2", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-5134"], "description": "Heap buffer overflow in xmlParseAttValueComplex", "edition": 1, "modified": "2012-12-06T00:00:00", "published": "2012-12-06T00:00:00", "id": "SECURITYVULNS:VULN:12743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12743", "title": "libxml2 buffer overflow", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-3102"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:098\r\n http://www.mandriva.com/security/\r\n 
_______________________________________________________________________\r\n\r\n Package : libxml2\r\n Date : June 21, 2012\r\n Affected: 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in libxml2:\r\n \r\n An Off-by-one error in libxml2 allows remote attackers to cause a\r\n denial of service (out-of-bounds write) or possibly have unspecified\r\n other impact via unknown vectors (CVE-2011-3102).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. 
The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFP4tCUmqjQ0CJFipgRAo9rAKC4sIZw21Mn38SOsU0jPtmiXCSm4QCeJFz8\r\n+WSFZ3W+HdBn8JaKKGRLGAc=\r\n=dP6J\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-24T00:00:00", "published": "2012-06-24T00:00:00", "id": "SECURITYVULNS:DOC:28201", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28201", "title": "[ MDVSA-2012:098 ] libxml2", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2011-3102"], "description": "No description provided", "edition": 1, "modified": "2012-06-24T00:00:00", "published": "2012-06-24T00:00:00", "id": "SECURITYVULNS:VULN:12436", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12436", "title": "libxml off-by-one", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-10-30T13:24:08", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0338"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0581\n\n\nThe libxml2 library is a development toolbox providing the 
implementation\nof various XML standards.\n\nA denial of service flaw was found in the way libxml2 performed string\nsubstitutions when entity values for entity references replacement was\nenabled. A remote attacker could provide a specially-crafted XML file that,\nwhen processed by an application linked against libxml2, would lead to\nexcessive CPU consumption. (CVE-2013-0338)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031298.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031665.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/007013.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0581.html", "edition": 87, "modified": "2013-03-09T00:45:23", "published": "2013-03-01T00:45:13", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031298.html", "id": "CESA-2013:0581", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T13:34:28", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3905", "CVE-2010-4008", "CVE-2011-0216", "CVE-2012-5134", "CVE-2011-3919", "CVE-2011-2834", "CVE-2010-4494", "CVE-2011-3102", "CVE-2012-0841", "CVE-2011-2821", "CVE-2011-1944"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0217\n\n\nThese packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows).\n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated 
with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat's\ndiscretion and these packages may be removed in a future minor release.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. 
(CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. 
Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/031259.html\n\n**Affected packages:**\nmingw32-libxml2\nmingw32-libxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0217.html", "edition": 4, "modified": "2013-02-01T00:53:30", "published": "2013-02-01T00:53:30", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/031259.html", "id": "CESA-2013:0217", "title": "mingw32 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1512\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-November/031056.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-November/031057.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1512.html", "edition": 3, "modified": "2012-11-29T21:27:43", "published": "2012-11-29T20:24:03", "href": "http://lists.centos.org/pipermail/centos-announce/2012-November/031056.html", "id": "CESA-2012:1512", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-08-01T13:38:22", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3905", "CVE-2010-4008", "CVE-2011-0216", "CVE-2012-5134", "CVE-2011-3919", "CVE-2011-2834", "CVE-2010-4494", "CVE-2011-3102", "CVE-2012-0841", "CVE-2011-2821", "CVE-2011-1944"], "description": "[2.7.6-6]\n- Synchronize patch-set with mainline-version.\n- Bump version to 5, 6.\n Related: rhbz#891477\n[2.7.6-4] \n- Change release number to 4.\n- Added patch libxml2-Fix-an-off-by-one-pointer-access.patch\n- Added patch libxml2-Fix-a-segfault-on-XSD-validation-on-pattern-error.patch\n- Added patch libxml2-Fix-entities-local-buffers-size-problems.patch\n- Added patch libxml2-gnome-bug-561340-fix.patch\n- Added patch for CVE-2012-0841\n- Added patch for CVE-2011-0216\n- Added patch for CVE-2011-2834\n- Added patch for CVE-2011-3919\n- Added patch for CVE-2011-1944\n- Added patch for CVE-2011-3905\n Related: rhbz#891477", "edition": 5, "modified": "2013-01-31T00:00:00", "published": "2013-01-31T00:00:00", "id": "ELSA-2013-0217", "href": "http://linux.oracle.com/errata/ELSA-2013-0217.html", "title": "mingw32-libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3905", "CVE-2011-3919", "CVE-2011-3102", "CVE-2012-0841", "CVE-2011-1944", "CVE-2012-2807"], "description": "[2.7.6-8.0.1.el6_3.3 ]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-8.el6_3.3]\n- Change the XPath code to percolate allocation error (CVE-2011-1944)\n[2.7.6-8.el6_3.2]\n- Fix an off by one pointer access (CVE-2011-3102)\n[2.7.6-8.el6_3.1]\n- Fix a failure to report xmlreader parsing failures\n- Fix parser local buffers size problems (rhbz#843741)\n- Fix entities local buffers size problems (rhbz#843741)\n- Fix an error in previous commit (rhbz#843741)\n- Do not fetch external parsed entities\n- Impose a reasonable limit on attribute size (rhbz#843741)\n- Impose a reasonable limit on comment size (rhbz#843741)\n- Impose a reasonable limit on PI size (rhbz#843741)\n- Cleanups and new limit APIs for dictionaries (rhbz#843741)\n- Introduce some default parser limits (rhbz#843741)\n- Implement some default limits in the XPath module\n- Fixup limits parser (rhbz#843741)\n- Enforce XML_PARSER_EOF state handling through the parser\n- Avoid quadratic behaviour in some push parsing cases (rhbz#843741)\n- More avoid quadratic behaviour (rhbz#843741)\n- Strengthen behaviour of the push parser in problematic situations (rhbz#843741)\n- More fixups on the push parser behaviour (rhbz#843741)\n- Fix a segfault on XSD validation on pattern error\n- Fix an unimplemented part in RNG value validation\n[2.7.6-8.el6]\n- remove chunk in patch related to configure.in as it breaks rebuild\n- Resolves: rhbz#788846\n[2.7.6-7.el6]\n- fix previous build to force compilation of randomization code\n- Resolves: rhbz#788846\n[2.7.6-6.el6]\n- adds randomization to hash and dict structures CVE-2012-0841\n- Resolves: rhbz#788846\n[2.7.6-5.el6]\n- Make sure the parser returns when getting a Stop order 
CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919\n- Resolves: rhbz#771910", "edition": 4, "modified": "2012-09-18T00:00:00", "published": "2012-09-18T00:00:00", "id": "ELSA-2012-1288", "href": "http://linux.oracle.com/errata/ELSA-2012-1288.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "[2.7.6-8.0.1.el6_3.4 ]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-8.el6_3.4]\n- fix out of range heap access (CVE-2012-5134)", "edition": 4, "modified": "2012-11-29T00:00:00", "published": "2012-11-29T00:00:00", "id": "ELSA-2012-1512", "href": "http://linux.oracle.com/errata/ELSA-2012-1512.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "a. Update to ESX/ESXi libxml2 userworld and service console. \n\n\n \nThe ESX/ESXi userworld libxml2 library has been updated to resolve a security issue. 
Also, the ESX service console libxml2 packages are updated to the following versions:\n\n * libxml2-2.6.26-2.1.15.el5_8.6\n * libxml2-python-2.6.26-2.1.15.el5_8.6\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5134 to this issue.\n\nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.\n", "edition": 4, "modified": "2013-05-30T00:00:00", "published": "2013-03-28T00:00:00", "id": "VMSA-2013-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2013-0004.html", "title": "VMware ESXi and ESX security update for third party library", "type": "vmware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:14:27", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2580-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : buffer overflow\nProblem type : local(remote)\nDebian-specific: no\nCVE ID : CVE-2012-5134\n\nJueri Aedla discovered a buffer overflow in the libxml XML library, which\ncould result in the execution of arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze6.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0+dfsg1-7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": 
"2012-12-02T20:54:50", "published": "2012-12-02T20:54:50", "id": "DEBIAN:DSA-2580-1:CEB88", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00224.html", "title": "[SECURITY] [DSA 2580-1] libxml security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:30:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3102"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2479-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 23, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : off-by-one\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-3102\n\nJueri Aedla discovered an off-by-one in libxml2, which could result in\nthe execution of arbitrary code.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-9.1.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-05-23T19:40:03", "published": "2012-05-23T19:40:03", "id": "DEBIAN:DSA-2479-1:280B6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00116.html", "title": "[SECURITY] [DSA 2479-1] libxml2 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5134"], "description": "New libxml2 packages are 
available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,\n14.0, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n\npatches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt.\n Patched a heap-based buffer underflow in the xmlParseAttValueComplex\n function in parser.c in libxml2 2.9.0 and earlier that could allow a\n remote attacker to cause a denial of service or possibly execute\n arbitrary code via crafted entities in an XML document.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libxml2-2.6.32-i486-4_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libxml2-2.7.3-i486-5_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libxml2-2.7.3-x86_64-5_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libxml2-2.7.6-i486-3_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libxml2-2.7.6-x86_64-3_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libxml2-2.7.8-i486-5_slack13.37.txz\n\nUpdated package for Slackware x86_64 
13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libxml2-2.7.8-x86_64-5_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.8.0-x86_64-2_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.8.0-i486-2.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.8.0-x86_64-2.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > 
upgradepkg libxml2-2.8.0-i486-2_slack14.0.txz", "modified": "2012-12-07T03:51:19", "published": "2012-12-07T03:51:19", "id": "SSA-2012-341-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.514209", "type": "slackware", "title": "[slackware-security] libxml2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}