ID RHSA-2008:0032 Type redhat Reporter RedHat Modified 2019-03-22T23:42:37
Description
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.
A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. (CVE-2007-6284)
Red Hat would like to thank the Google Security Team for responsibly
disclosing this issue.
All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.
{"cve": [{"lastseen": "2020-10-03T11:45:55", "description": "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.", "edition": 3, "cvss3": {}, "published": "2008-01-12T02:46:00", "title": "CVE-2007-6284", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6284"], "modified": "2018-10-15T21:51:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:2008.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0", "cpe:/o:debian:debian_linux:3.1", "cpe:/o:redhat:fedora:8", "cpe:/o:mandrakesoft:mandrake_linux:2007.1", "cpe:/o:redhat:fedora:7", "cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0", "cpe:/o:mandrakesoft:mandrake_linux:2007"], "id": "CVE-2007-6284", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6284", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:26:36", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "Brad Fitzpatrick discovered that libxml2 did not correctly handle certain \nUTF-8 sequences. If a remote attacker were able to trick a user or \nautomated system into processing a specially crafted XML document, the \napplication linked against libxml2 could enter an infinite loop, leading \nto a denial of service via CPU resource consumption.", "edition": 5, "modified": "2008-01-14T00:00:00", "published": "2008-01-14T00:00:00", "id": "USN-569-1", "href": "https://ubuntu.com/security/notices/USN-569-1", "title": "libxml2 vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-6284"], "description": "## Solution Description\nUpgrade to version 2.6.31 or higher, as it has been reported to fix this vulnerability. In addition, Daniel Veillard has released a patch for some older versions.\n## Short Description\nLibxml2 xmlCurrentChar Function UTF-8 Parsing DoS\n## References:\n[Secunia Advisory ID:28444](https://secuniaresearch.flexerasoftware.com/advisories/28444/)\n[Secunia Advisory ID:28439](https://secuniaresearch.flexerasoftware.com/advisories/28439/)\n[Secunia Advisory ID:28470](https://secuniaresearch.flexerasoftware.com/advisories/28470/)\n[Secunia Advisory ID:28475](https://secuniaresearch.flexerasoftware.com/advisories/28475/)\n[Secunia Advisory ID:28458](https://secuniaresearch.flexerasoftware.com/advisories/28458/)\n[Secunia Advisory ID:28450](https://secuniaresearch.flexerasoftware.com/advisories/28450/)\nOther Solution URL: http://veillard.com/libxml2.patch\nOther Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0032.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-January/000655.html\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:010\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2008-January/000302.html\nMail List Post: http://mail.gnome.org/archives/xml/2008-January/msg00036.html\n[CVE-2007-6284](https://vulners.com/cve/CVE-2007-6284)\n", "edition": 1, "modified": "2008-01-11T13:22:03", "published": "2008-01-11T13:22:03", "href": "https://vulners.com/osvdb/OSVDB:40194", "id": "OSVDB:40194", "title": "Libxml2 xmlCurrentChar Function UTF-8 Parsing DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-09T11:41:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830390", "type": "openvas", "title": "Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A denial of service flaw was discovered by the Google Security Team\n in the way libxml2 processes malformed XML content. This flaw could\n cause the application to stop responding.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libxml2 on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830390\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:010\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2\", rpm:\"lib64xml2~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-python\", rpm:\"lib64xml2-python~2.6.27~3.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2\", rpm:\"lib64xml2~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-python\", rpm:\"lib64xml2-python~2.6.26~2.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-utils\", rpm:\"libxml2-utils~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2_2\", rpm:\"libxml2_2~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2-devel\", rpm:\"lib64xml2-devel~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64xml2_2\", rpm:\"lib64xml2_2~2.6.30~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libxml2\n libxml2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020669 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065503", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065503", "type": "openvas", "title": "SLES9: Security update for libxml2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020669.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for libxml2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libxml2\n libxml2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020669 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65503\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-6284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for libxml2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.7~28.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880226", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014570.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880226\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880162", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014584.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880162\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032-03\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880180", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014601.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880180\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~10.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~10.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~10.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880226", "href": "http://plugins.openvas.org/nasl.php?oid=880226", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014570.html\");\n script_id(880226);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880216", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014569.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880216\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880162", "href": "http://plugins.openvas.org/nasl.php?oid=880162", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014584.html\");\n script_id(880162);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0032-03\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.4.19~7.ent\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:60282", "href": "http://plugins.openvas.org/nasl.php?oid=60282", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200801-20 (libxml2)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A Denial of Service vulnerability has been reported in libxml2.\";\ntag_solution = \"All libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.6.30-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200801-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=202628\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200801-20.\";\n\n \n\nif(description)\n{\n script_id(60282);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-6284\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200801-20 (libxml2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/libxml2\", unaffected: make_list(\"ge 2.6.30-r1\"), vulnerable: make_list(\"lt 2.6.30-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "description": "Check for the Version of libxml2", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870066", "href": "http://plugins.openvas.org/nasl.php?oid=870066", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2008:0032-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2008:0032-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 packages provide a library that allows you to manipulate XML\n files. It includes support to read, modify, and write XML and HTML files.\n\n A denial of service flaw was found in the way libxml2 processes certain\n content. If an application linked against libxml2 processes malformed XML\n content, it could cause the application to stop responding. (CVE-2007-6284)\n \n Red Hat would like to thank the Google Security Team for responsibly\n disclosing this issue.\n \n All users are advised to upgrade to these updated packages, which contain a\n backported patch to resolve this issue.\";\n\ntag_affected = \"libxml2 on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1,\n Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00002.html\");\n script_id(870066);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0032-01\");\n script_cve_id(\"CVE-2007-6284\");\n script_name( \"RedHat Update for libxml2 RHSA-2008:0032-01\");\n\n script_summary(\"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.4.19~7.ent\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.4.19~7.ent\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.4.19~7.ent\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.2.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~10.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.16~10.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~10.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~10.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.5.10~8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.5.10~8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.5.10~8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.5.10~8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "### Background\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. \n\n### Description\n\nBrad Fitzpatrick reported that the xmlCurrentChar() function does not properly handle some UTF-8 multibyte encodings. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML document with an application using libxml2, possibly resulting in a high CPU consumption. Note that this vulnerability could also be triggered without user interaction by an automated system processing XML content. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.6.30-r1\"", "edition": 1, "modified": "2008-01-30T00:00:00", "published": "2008-01-30T00:00:00", "id": "GLSA-200801-20", "href": "https://security.gentoo.org/glsa/200801-20", "type": "gentoo", "title": "libxml2: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-07-17T03:29:00", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0032\n\n\nThe libxml2 packages provide a library that allows you to manipulate XML\r\nfiles. It includes support to read, modify, and write XML and HTML files.\r\n\r\nA denial of service flaw was found in the way libxml2 processes certain\r\ncontent. If an application linked against libxml2 processes malformed XML\r\ncontent, it could cause the application to stop responding. (CVE-2007-6284)\r\n\r\nRed Hat would like to thank the Google Security Team for responsibly\r\ndisclosing this issue.\r\n\r\nAll users are advised to upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026607.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026608.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026611.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026613.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026615.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026616.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026627.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026628.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026639.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026640.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0032.html", "edition": 6, "modified": "2008-01-14T12:58:06", "published": "2008-01-11T14:30:01", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/026607.html", "id": "CESA-2008:0032", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:29:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0032-03\n\n\nThe libxml2 packages provide a library that allows you to manipulate XML\r\nfiles. It includes support to read, modify, and write XML and HTML files.\r\n\r\nA denial of service flaw was found in the way libxml2 processes certain\r\ncontent. If an application linked against libxml2 processes malformed XML\r\ncontent, it could cause the application to stop responding. (CVE-2007-6284)\r\n\r\nRed Hat would like to thank the Google Security Team for responsibly\r\ndisclosing this issue.\r\n\r\nAll users are advised to upgrade to these updated packages, which contain a\r\nbackported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026622.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2008-01-13T02:24:38", "published": "2008-01-13T02:24:38", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/026622.html", "id": "CESA-2008:0032-03", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": " [2.5.10-8.0.1]\n - Add patch libxml2-enterprise.patch, and other logo changes in tarball\n \n [2.5.10-8]\n - Patch to fix UTF-8 decoding problem CVE-2007-6284\n - Resolves: rhbz#425930 ", "edition": 4, "modified": "2008-01-11T00:00:00", "published": "2008-01-11T00:00:00", "id": "ELSA-2008-0032", "href": "http://linux.oracle.com/errata/ELSA-2008-0032.html", "title": "Important: libxml2 security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "cvelist": ["CVE-2007-6284"], "description": "Hanging on XML parsing.", "edition": 1, "modified": "2008-01-13T00:00:00", "published": "2008-01-13T00:00:00", "id": "SECURITYVULNS:VULN:8561", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8561", "title": "libxml DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:18:56", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1461-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 13, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : missing input validation\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-6284\n\nBrad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2,\nthe GNOME XML library, validate UTF-8 correctness insufficiently, which\nmay lead to denial of service by forcing libxml2 into an infinite loop.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-2.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 2.6.16-7sarge1.\n\nWe recommend that you upgrade your libxml2 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.dsc\n Size/MD5 checksum: 884 991cf7cfdaf3ef05e95ec11f1b99b345\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.diff.gz\n Size/MD5 checksum: 127107 b142c10e523b8d72ec427382849f2d39\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16.orig.tar.gz\n Size/MD5 checksum: 4008551 7b28b412498625b51d86e58e30fbdd31\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.16-7sarge1_all.deb\n Size/MD5 checksum: 17242 ebfb4ef8a14dec1a34ad62fe6955afef\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-python2.3_2.6.16-7sarge1_all.deb\n Size/MD5 checksum: 10850 7a426e3c11a74852fc695612e2bfca25\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.16-7sarge1_all.deb\n Size/MD5 checksum: 930164 e4458eaa1f1080dfe1745a92c8f667e5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 178380 39cec4bba77bc3aef4aefd5f7303470d\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 178364 2ce12c73236c4c341b358c92b198dbae\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 177434 0fb0c05e5397d45ef0f3b46ade61b9a5\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 32144 a8e00165ef4f0394e56b19d5b53689c2\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 693524 6d2d2b24908645d3e7eb18a2a68f55bf\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_alpha.deb\n Size/MD5 checksum: 797876 d1f891c9bc973625fe9630417d1736c8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 639976 c7e4f773476dcd7160db8f7dde721acc\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 177492 036dac53f32c6de1687db56091ce7053\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 629976 57128d940cbf7a3c7b0fc33c959a4412\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 176350 bb18c925d5ac4a32b9671b2d10a5a3ec\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 30478 f089b56d3a85b90aaef374e7334670f6\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_amd64.deb\n Size/MD5 checksum: 177470 299fbaab814c6602dbe828be31857703\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 159118 37b60276f1605a208923b20b5b35e937\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 28364 ede14581faef3f86c970a1d1c1e0fc4b\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 157942 940113a10f6a77a2393010ea7ebbdc8e\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 159142 edbf498c3d5224ff5988f4e5e506781d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 584958 6ad2bd0b2d9b0c5ec581f1ded97b368d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_arm.deb\n Size/MD5 checksum: 659776 6faa760c520074913612c6c04f13c391\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 185554 813b9d2c5f8b142359cda44718797033\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 691512 66f6713fed2673a7c65499bc3948d88d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 30762 ddd5dfa0add92fb1a45d8b5c9f330612\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 185578 605633ecf2334e8f7620d8a8fe32b4ca\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 721798 55ca114ed3e1fb0ae159cab73d5aad1e\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_hppa.deb\n Size/MD5 checksum: 184294 6cdf988e87065a5205721e6116c0434c\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 591050 5143284e844b0806c7ca9fdbdc17564a\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 162230 253df68abbc124c535a660b97aaa4297\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 163274 02c5664ef3a4855a62d30713661dec97\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 28226 f791765de50d84da4e657a638f6c7724\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 163262 b8bd4effcff791316e0b3650db191d26\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_i386.deb\n Size/MD5 checksum: 602092 083c076ddea6f81c19af79e6a622a83c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 185194 5a864b2d70dde6d4ffa8cdd8aadbe413\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 842344 86d7e89b56255cae370aefeeeb96d0e8\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 183904 62e2b5ed12e59e2368fb45f56d83c941\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 38540 9f34df8ef2e01216cc8a5fa08b4f8916\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 185202 9064c2260585e95a60cce48b4d74061c\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_ia64.deb\n Size/MD5 checksum: 920016 bdc8c365fb1da5622994713cb89a47c9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 609946 5e1f1e4202a3e7e9634392adfdad07fe\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 163220 a08fa2094cb4f39377afb287ce5229d1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 700974 628e1ec484bc7ce129fad1515c8b5783\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 162038 3a45da812a45d8d85d33b5f3840fae3f\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 163234 0b1cc66b99d312fa45e66b7b87096b54\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_mips.deb\n Size/MD5 checksum: 29496 3f4fa64beef55f29b03edf2996fd8dd3\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 165682 5ad90c7182dde3d3cf174d00137df9bd\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 632382 992847eaea206f7d712b3036f09d82aa\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 166908 d3caf8e62750c3b9df18b5364317d6de\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 31988 27f4605932172e075e73aecb6b37f860\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 166896 3993311ca8340ec597563e80e8ae04f6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_powerpc.deb\n Size/MD5 checksum: 681998 f0286ca7b57c2d130afb87a2e7f55903\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 183942 efa98b27ad26269269f116179a4181a0\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 637590 68a43b7225a3ff9750e47b2ce8fafbff\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 30400 e68e4ddeab759336fea8bdae170a98ae\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 183954 b44b12173c11bae11097e824090d637e\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 182594 59901b903a43b00b9a4a812138fa5110\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_s390.deb\n Size/MD5 checksum: 649804 22e69a23cd59d0469ed45c07a6c4415c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 29200 7fae0af3ee437f1033b50b42d9291a52\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 623322 f0852fd2bdd47faedb17501f9a3354d2\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 614266 9d755c02d262c4ec9adad8397d436849\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 171374 b8e62a9c54a25427a92542eeecfa0738\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 171392 5b9ca6662c35ea726786c8b155adcec0\n http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_sparc.deb\n Size/MD5 checksum: 170388 05873d9dabafcbf0e83c46406a48709e\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz\n Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.diff.gz\n Size/MD5 checksum: 142579 2bfdb7f543d1bb2c113056ba7c47a8fa\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.dsc\n Size/MD5 checksum: 893 ac5bb60fd79506befb89e6d63bb81d45\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-2_all.deb\n Size/MD5 checksum: 1292456 add37f996a875359e75ecae4c9bef721\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_alpha.deb\n Size/MD5 checksum: 37982 bd804f474a937b035ba1d4ae93beef1f\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_alpha.deb\n Size/MD5 checksum: 916190 97cf9a61c0468acef543c6b493089705\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_alpha.deb\n Size/MD5 checksum: 184462 32bb058f96ccdf3d96d8ab98877cbdfd\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_alpha.deb\n Size/MD5 checksum: 819852 e49620aaf549e0f42daafe19446b3697\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_alpha.deb\n Size/MD5 checksum: 882770 6ead0a0d5a8d0ae0b68bd363698e90a1\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_amd64.deb\n Size/MD5 checksum: 36782 16832b84e2ce688cbbd76ffd4166784a\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_amd64.deb\n Size/MD5 checksum: 890410 fe49261529663335d74be60721367d12\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_amd64.deb\n Size/MD5 checksum: 182914 94d2d0c1dfa0be939e7b4904791533d8\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_amd64.deb\n Size/MD5 checksum: 745942 53e57327592b75b05c9eee7b38411a00\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_amd64.deb\n Size/MD5 checksum: 795816 a2c97e1d523794671a634c54f8138d99\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_arm.deb\n Size/MD5 checksum: 34676 6b5aab661fa339dc4e7ef170188ed38b\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_arm.deb\n Size/MD5 checksum: 816410 5f275d04567bb4ff2cdf33b6982d1e5f\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_arm.deb\n Size/MD5 checksum: 740760 1b7e6e93b930ff32555b10eff05283d4\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_arm.deb\n Size/MD5 checksum: 672372 18ab49b2dcb50a31d7c25ddc3823326c\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_arm.deb\n Size/MD5 checksum: 165292 d3ab4deccf39fdca6006696dd3c3f963\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_hppa.deb\n Size/MD5 checksum: 36852 7738d949e025d84c5667d53c9cf403f3\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_hppa.deb\n Size/MD5 checksum: 864108 e3a94508a260d4f991eb8918e6f6584e\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_hppa.deb\n Size/MD5 checksum: 191966 b9d90fa3f9a973bfe2842b5f3208d591\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_hppa.deb\n Size/MD5 checksum: 856828 ef1afa089d983f53fa079a994e6fab58\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_hppa.deb\n Size/MD5 checksum: 849018 0ebc8e2a0e3d20d7f934bd2ddf0f003e\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_i386.deb\n Size/MD5 checksum: 755368 3fc87d8fc0659e1d018ffbb59ac8aae1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_i386.deb\n Size/MD5 checksum: 856908 fbc44fb4865f19f7fcb283ec99b53ba6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_i386.deb\n Size/MD5 checksum: 680886 733b4aa48f453a2d140a9aa57ee3f314\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_i386.deb\n Size/MD5 checksum: 169040 a9f98e8d028167654639d90e03181187\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_i386.deb\n Size/MD5 checksum: 34494 0282972a80e337f0992dcb4106b8122b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_ia64.deb\n Size/MD5 checksum: 48486 34b3f19c4ce8bed2ba28128afc742377\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_ia64.deb\n Size/MD5 checksum: 196532 af8e2034ea28de239a6bc4584511a545\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_ia64.deb\n Size/MD5 checksum: 1105058 8fc89d88515989c16c6372f6d5014ce3\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_ia64.deb\n Size/MD5 checksum: 873228 1fbadfd4d88d5e9060ef05ef1442ef0a\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_ia64.deb\n Size/MD5 checksum: 1078832 0d42237d6e8a124c6a041a2a6b13055a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_mips.deb\n Size/MD5 checksum: 34424 5c6fb6b9d2bddb99a34eda06eabca56e\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_mips.deb\n Size/MD5 checksum: 840438 a2c9843b6e015b52db01bc2e3c9eb396\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_mips.deb\n Size/MD5 checksum: 171630 5ba55f80321214ee0eed2bb7b8a10b64\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_mips.deb\n Size/MD5 checksum: 769422 87c44cc7652046131abfcc9e8345afc6\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_mips.deb\n Size/MD5 checksum: 925916 90b551e4742f9fc704f0d48362f0caf8\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_powerpc.deb\n Size/MD5 checksum: 172728 c1571f184ce56c5ddd7dc5566d92a7ed\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_powerpc.deb\n Size/MD5 checksum: 770242 7d21dccba9d10e96cdd8ce1ed79b3466\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_powerpc.deb\n Size/MD5 checksum: 779176 1b2d9ccc35217fec472a3db390ca2956\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_powerpc.deb\n Size/MD5 checksum: 896976 7024c07f1b0f910437513ba6f5bd7878\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_powerpc.deb\n Size/MD5 checksum: 37662 3d6896da0ac4aaf7f9f239a4f9a3a516\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_s390.deb\n Size/MD5 checksum: 749440 d4bf85450d358fc299df52c7c742cc24\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_s390.deb\n Size/MD5 checksum: 884816 f174f9cc572a465b494d9403d76b3c9d\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_s390.deb\n Size/MD5 checksum: 805010 42eb2a1f87ceb6cabfa8ba23e3c27b1e\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_s390.deb\n Size/MD5 checksum: 36370 3b564945daf64add099b143a631e3f25\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_s390.deb\n Size/MD5 checksum: 185722 4a0ad6d068a460806422f096c21c7197\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_sparc.deb\n Size/MD5 checksum: 759128 41f8e81199b7b3b8c2b55034d4bc5a54\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_sparc.deb\n Size/MD5 checksum: 712498 2f279ec5bd2b8427e1254f0fba9bdec7\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_sparc.deb\n Size/MD5 checksum: 781060 8c7c1b07b375f1de81f9273cec6c1d26\n http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_sparc.deb\n Size/MD5 checksum: 176868 45fa6a0155f48ebac9e5f5a85db9fba1\n http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_sparc.deb\n Size/MD5 checksum: 34572 b310e0a4f223bbdcba80c46eb09a1c92\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-01-13T16:57:50", "published": "2008-01-13T16:57:50", "id": "DEBIAN:DSA-1461-1:8AFC5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00019.html", "title": "[SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T21:49:39", "description": "BUGTRAQ ID: 27248\r\nCVE(CAN) ID: CVE-2007-6284\r\n\r\nlibxml2\u8f6f\u4ef6\u5305\u63d0\u4f9b\u5141\u8bb8\u7528\u6237\u64cd\u63a7XML\u6587\u4ef6\u7684\u51fd\u6570\u5e93\uff0c\u5305\u542b\u6709\u8bfb\u3001\u4fee\u6539\u548c\u5199XML\u548cHTML\u6587\u4ef6\u652f\u6301\u3002\r\n\r\nlibxml\u5e93\u5728\u5904\u7406\u5305\u542b\u7578\u5f62\u6570\u636e\u7684XML\u6587\u4ef6\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u4e0d\u53ef\u7528\u3002\r\n\r\nlibxml\u5e93\u7684UTF-8\u89e3\u7801\u51fd\u6570xmlCurrentChar()\u6ca1\u6709\u68c0\u67e5UTF-8\u7684\u6b63\u786e\u6027\uff0c\u5982\u679c\u7528\u6237\u4f7f\u7528\u94fe\u63a5\u5230\u8be5\u5e93\u7684\u5e94\u7528\u7a0b\u5e8f\u6253\u5f00\u4e86\u5305\u542b\u6709\u591a\u5b57\u8282\u7ec4\u5408\u7684\u7578\u5f62XML\u5185\u5bb9\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u51fd\u6570\u5e93\u9677\u5165\u6b7b\u5faa\u73af\u6302\u8d77\uff0c\u6d88\u8017\u5927\u91cf\u7cfb\u7edf\u8d44\u6e90\u3002\r\n\r\n\n\nXMLSoft Libxml2 < 2.6.31\n Debian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1461-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1461-1\uff1aNew libxml2 packages fix denial of service\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2008/dsa-1461 target=_blank>http://www.debian.org/security/2008/dsa-1461</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.dsc</a>\r\nSize/MD5 checksum: 884 991cf7cfdaf3ef05e95ec11f1b99b345\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.diff.gz</a>\r\nSize/MD5 checksum: 127107 b142c10e523b8d72ec427382849f2d39\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16.orig.tar.gz</a>\r\nSize/MD5 checksum: 4008551 7b28b412498625b51d86e58e30fbdd31\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.16-7sarge1_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.16-7sarge1_all.deb</a>\r\nSize/MD5 checksum: 17242 ebfb4ef8a14dec1a34ad62fe6955afef\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-python2.3_2.6.16-7sarge1_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-python2.3_2.6.16-7sarge1_all.deb</a>\r\nSize/MD5 checksum: 10850 7a426e3c11a74852fc695612e2bfca25\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.16-7sarge1_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.16-7sarge1_all.deb</a>\r\nSize/MD5 checksum: 930164 e4458eaa1f1080dfe1745a92c8f667e5\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 178380 39cec4bba77bc3aef4aefd5f7303470d\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 178364 2ce12c73236c4c341b358c92b198dbae\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 177434 0fb0c05e5397d45ef0f3b46ade61b9a5\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 32144 a8e00165ef4f0394e56b19d5b53689c2\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 693524 6d2d2b24908645d3e7eb18a2a68f55bf\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_alpha.deb</a>\r\nSize/MD5 checksum: 797876 d1f891c9bc973625fe9630417d1736c8\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 639976 c7e4f773476dcd7160db8f7dde721acc\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 177492 036dac53f32c6de1687db56091ce7053\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 629976 57128d940cbf7a3c7b0fc33c959a4412\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 176350 bb18c925d5ac4a32b9671b2d10a5a3ec\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 30478 f089b56d3a85b90aaef374e7334670f6\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_amd64.deb</a>\r\nSize/MD5 checksum: 177470 299fbaab814c6602dbe828be31857703\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 159118 37b60276f1605a208923b20b5b35e937\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 28364 ede14581faef3f86c970a1d1c1e0fc4b\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 157942 940113a10f6a77a2393010ea7ebbdc8e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 159142 edbf498c3d5224ff5988f4e5e506781d\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 584958 6ad2bd0b2d9b0c5ec581f1ded97b368d\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_arm.deb</a>\r\nSize/MD5 checksum: 659776 6faa760c520074913612c6c04f13c391\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 185554 813b9d2c5f8b142359cda44718797033\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 691512 66f6713fed2673a7c65499bc3948d88d\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 30762 ddd5dfa0add92fb1a45d8b5c9f330612\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 185578 605633ecf2334e8f7620d8a8fe32b4ca\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 721798 55ca114ed3e1fb0ae159cab73d5aad1e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_hppa.deb</a>\r\nSize/MD5 checksum: 184294 6cdf988e87065a5205721e6116c0434c\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 591050 5143284e844b0806c7ca9fdbdc17564a\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 162230 253df68abbc124c535a660b97aaa4297\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 163274 02c5664ef3a4855a62d30713661dec97\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 28226 f791765de50d84da4e657a638f6c7724\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 163262 b8bd4effcff791316e0b3650db191d26\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_i386.deb</a>\r\nSize/MD5 checksum: 602092 083c076ddea6f81c19af79e6a622a83c\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 185194 5a864b2d70dde6d4ffa8cdd8aadbe413\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 842344 86d7e89b56255cae370aefeeeb96d0e8\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 183904 62e2b5ed12e59e2368fb45f56d83c941\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 38540 9f34df8ef2e01216cc8a5fa08b4f8916\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 185202 9064c2260585e95a60cce48b4d74061c\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_ia64.deb</a>\r\nSize/MD5 checksum: 920016 bdc8c365fb1da5622994713cb89a47c9\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 609946 5e1f1e4202a3e7e9634392adfdad07fe\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 163220 a08fa2094cb4f39377afb287ce5229d1\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 700974 628e1ec484bc7ce129fad1515c8b5783\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 162038 3a45da812a45d8d85d33b5f3840fae3f\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 163234 0b1cc66b99d312fa45e66b7b87096b54\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_mips.deb</a>\r\nSize/MD5 checksum: 29496 3f4fa64beef55f29b03edf2996fd8dd3\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 165682 5ad90c7182dde3d3cf174d00137df9bd\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 632382 992847eaea206f7d712b3036f09d82aa\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 166908 d3caf8e62750c3b9df18b5364317d6de\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 31988 27f4605932172e075e73aecb6b37f860\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 166896 3993311ca8340ec597563e80e8ae04f6\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_powerpc.deb</a>\r\nSize/MD5 checksum: 681998 f0286ca7b57c2d130afb87a2e7f55903\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 183942 efa98b27ad26269269f116179a4181a0\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 637590 68a43b7225a3ff9750e47b2ce8fafbff\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 30400 e68e4ddeab759336fea8bdae170a98ae\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 183954 b44b12173c11bae11097e824090d637e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 182594 59901b903a43b00b9a4a812138fa5110\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_s390.deb</a>\r\nSize/MD5 checksum: 649804 22e69a23cd59d0469ed45c07a6c4415c\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 29200 7fae0af3ee437f1033b50b42d9291a52\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 623322 f0852fd2bdd47faedb17501f9a3354d2\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 614266 9d755c02d262c4ec9adad8397d436849\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 171374 b8e62a9c54a25427a92542eeecfa0738\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 171392 5b9ca6662c35ea726786c8b155adcec0\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_sparc.deb</a>\r\nSize/MD5 checksum: 170388 05873d9dabafcbf0e83c46406a48709e\r\n\r\nDebian 4.0 (stable)\r\n- -------------------\r\n\r\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz</a>\r\nSize/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.diff.gz</a>\r\nSize/MD5 checksum: 142579 2bfdb7f543d1bb2c113056ba7c47a8fa\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.dsc</a>\r\nSize/MD5 checksum: 893 ac5bb60fd79506befb89e6d63bb81d45\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-2_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-2_all.deb</a>\r\nSize/MD5 checksum: 1292456 add37f996a875359e75ecae4c9bef721\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_alpha.deb</a>\r\nSize/MD5 checksum: 37982 bd804f474a937b035ba1d4ae93beef1f\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_alpha.deb</a>\r\nSize/MD5 checksum: 916190 97cf9a61c0468acef543c6b493089705\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_alpha.deb</a>\r\nSize/MD5 checksum: 184462 32bb058f96ccdf3d96d8ab98877cbdfd\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_alpha.deb</a>\r\nSize/MD5 checksum: 819852 e49620aaf549e0f42daafe19446b3697\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_alpha.deb</a>\r\nSize/MD5 checksum: 882770 6ead0a0d5a8d0ae0b68bd363698e90a1\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_amd64.deb</a>\r\nSize/MD5 checksum: 36782 16832b84e2ce688cbbd76ffd4166784a\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_amd64.deb</a>\r\nSize/MD5 checksum: 890410 fe49261529663335d74be60721367d12\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_amd64.deb</a>\r\nSize/MD5 checksum: 182914 94d2d0c1dfa0be939e7b4904791533d8\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_amd64.deb</a>\r\nSize/MD5 checksum: 745942 53e57327592b75b05c9eee7b38411a00\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_amd64.deb</a>\r\nSize/MD5 checksum: 795816 a2c97e1d523794671a634c54f8138d99\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_arm.deb</a>\r\nSize/MD5 checksum: 34676 6b5aab661fa339dc4e7ef170188ed38b\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_arm.deb</a>\r\nSize/MD5 checksum: 816410 5f275d04567bb4ff2cdf33b6982d1e5f\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_arm.deb</a>\r\nSize/MD5 checksum: 740760 1b7e6e93b930ff32555b10eff05283d4\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_arm.deb</a>\r\nSize/MD5 checksum: 672372 18ab49b2dcb50a31d7c25ddc3823326c\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_arm.deb</a>\r\nSize/MD5 checksum: 165292 d3ab4deccf39fdca6006696dd3c3f963\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_hppa.deb</a>\r\nSize/MD5 checksum: 36852 7738d949e025d84c5667d53c9cf403f3\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_hppa.deb</a>\r\nSize/MD5 checksum: 864108 e3a94508a260d4f991eb8918e6f6584e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_hppa.deb</a>\r\nSize/MD5 checksum: 191966 b9d90fa3f9a973bfe2842b5f3208d591\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_hppa.deb</a>\r\nSize/MD5 checksum: 856828 ef1afa089d983f53fa079a994e6fab58\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_hppa.deb</a>\r\nSize/MD5 checksum: 849018 0ebc8e2a0e3d20d7f934bd2ddf0f003e\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_i386.deb</a>\r\nSize/MD5 checksum: 755368 3fc87d8fc0659e1d018ffbb59ac8aae1\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_i386.deb</a>\r\nSize/MD5 checksum: 856908 fbc44fb4865f19f7fcb283ec99b53ba6\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_i386.deb</a>\r\nSize/MD5 checksum: 680886 733b4aa48f453a2d140a9aa57ee3f314\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_i386.deb</a>\r\nSize/MD5 checksum: 169040 a9f98e8d028167654639d90e03181187\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_i386.deb</a>\r\nSize/MD5 checksum: 34494 0282972a80e337f0992dcb4106b8122b\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_ia64.deb</a>\r\nSize/MD5 checksum: 48486 34b3f19c4ce8bed2ba28128afc742377\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_ia64.deb</a>\r\nSize/MD5 checksum: 196532 af8e2034ea28de239a6bc4584511a545\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_ia64.deb</a>\r\nSize/MD5 checksum: 1105058 8fc89d88515989c16c6372f6d5014ce3\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_ia64.deb</a>\r\nSize/MD5 checksum: 873228 1fbadfd4d88d5e9060ef05ef1442ef0a\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_ia64.deb</a>\r\nSize/MD5 checksum: 1078832 0d42237d6e8a124c6a041a2a6b13055a\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_mips.deb</a>\r\nSize/MD5 checksum: 34424 5c6fb6b9d2bddb99a34eda06eabca56e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_mips.deb</a>\r\nSize/MD5 checksum: 840438 a2c9843b6e015b52db01bc2e3c9eb396\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_mips.deb</a>\r\nSize/MD5 checksum: 171630 5ba55f80321214ee0eed2bb7b8a10b64\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_mips.deb</a>\r\nSize/MD5 checksum: 769422 87c44cc7652046131abfcc9e8345afc6\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_mips.deb</a>\r\nSize/MD5 checksum: 925916 90b551e4742f9fc704f0d48362f0caf8\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_powerpc.deb</a>\r\nSize/MD5 checksum: 172728 c1571f184ce56c5ddd7dc5566d92a7ed\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_powerpc.deb</a>\r\nSize/MD5 checksum: 770242 7d21dccba9d10e96cdd8ce1ed79b3466\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_powerpc.deb</a>\r\nSize/MD5 checksum: 779176 1b2d9ccc35217fec472a3db390ca2956\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_powerpc.deb</a>\r\nSize/MD5 checksum: 896976 7024c07f1b0f910437513ba6f5bd7878\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_powerpc.deb</a>\r\nSize/MD5 checksum: 37662 3d6896da0ac4aaf7f9f239a4f9a3a516\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_s390.deb</a>\r\nSize/MD5 checksum: 749440 d4bf85450d358fc299df52c7c742cc24\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_s390.deb</a>\r\nSize/MD5 checksum: 884816 f174f9cc572a465b494d9403d76b3c9d\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_s390.deb</a>\r\nSize/MD5 checksum: 805010 42eb2a1f87ceb6cabfa8ba23e3c27b1e\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_s390.deb</a>\r\nSize/MD5 checksum: 36370 3b564945daf64add099b143a631e3f25\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_s390.deb</a>\r\nSize/MD5 checksum: 185722 4a0ad6d068a460806422f096c21c7197\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_sparc.deb</a>\r\nSize/MD5 checksum: 759128 41f8e81199b7b3b8c2b55034d4bc5a54\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_sparc.deb</a>\r\nSize/MD5 checksum: 712498 2f279ec5bd2b8427e1254f0fba9bdec7\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_sparc.deb</a>\r\nSize/MD5 checksum: 781060 8c7c1b07b375f1de81f9273cec6c1d26\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_sparc.deb</a>\r\nSize/MD5 checksum: 176868 45fa6a0155f48ebac9e5f5a85db9fba1\r\n<a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_sparc.deb</a>\r\nSize/MD5 checksum: 34572 b310e0a4f223bbdcba80c46eb09a1c92\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0032-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0032-01\uff1aImportant: libxml2 security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0032.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0032.html</a>\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-103201\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-103201\uff1aSecurity Vulnerability in the libxml2 Library may Lead to a Denial of Service (DoS)\r\n\u94fe\u63a5\uff1a<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103201-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103201-1</a>\r\n\r\nXMLSoft\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://veillard.com/libxml2.patch target=_blank>http://veillard.com/libxml2.patch</a>", "published": "2008-01-16T00:00:00", "title": "libxml2 xmlCurrentChar()\u51fd\u6570UTF-8\u89e3\u6790\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2824", "id": "SSV:2824", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-01-07T15:19:56", "description": "Updated libxml2 package to address a denial of service flaw.\n\nThanks to the Google security team for identifying and reporting\nthis issue.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2007-6284 to this issue.", "edition": 24, "published": "2009-07-27T00:00:00", "title": "VMSA-2008-0006 : Updated libxml2 service console package", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2009-07-27T00:00:00", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "id": "VMWARE_VMSA-2008-0006.NASL", "href": "https://www.tenable.com/plugins/nessus/40376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0006. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40376);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_bugtraq_id(27248);\n script_xref(name:\"VMSA\", value:\"2008-0006\");\n\n script_name(english:\"VMSA-2008-0006 : Updated libxml2 service console package\");\n script_summary(english:\"Checks esxupdate output for the patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote VMware ESX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 package to address a denial of service flaw.\n\nThanks to the Google security team for identifying and reporting\nthis issue.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2007-6284 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000011.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-03-28\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"17\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"6\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003521\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003528\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200803214-UG\",\n patch_updates : make_list(\"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:49", "description": "A denial of service flaw was discovered by the Google Security Team in\nthe way libxml2 processes malformed XML content. This flaw could cause\nthe application to stop responding.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:010)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libxml2-utils", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:lib64xml2-devel", "p-cpe:/a:mandriva:linux:lib64xml2_2", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:libxml2_2", "p-cpe:/a:mandriva:linux:libxml2", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:lib64xml2", "p-cpe:/a:mandriva:linux:lib64xml2-python", "p-cpe:/a:mandriva:linux:libxml2-devel", "p-cpe:/a:mandriva:linux:libxml2-python"], "id": "MANDRIVA_MDVSA-2008-010.NASL", "href": "https://www.tenable.com/plugins/nessus/36842", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:010. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36842);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_xref(name:\"MDVSA\", value:\"2008:010\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:010)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was discovered by the Google Security Team in\nthe way libxml2 processes malformed XML content. This flaw could cause\nthe application to stop responding.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64xml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libxml2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64xml2-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64xml2-python-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libxml2-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libxml2-devel-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libxml2-python-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"libxml2-utils-2.6.26-2.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xml2-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64xml2-python-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxml2-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxml2-devel-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libxml2-python-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"libxml2-utils-2.6.27-3.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml2-devel-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64xml2_2-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml2-devel-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libxml2-python-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"libxml2-utils-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libxml2_2-2.6.30-1.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:32", "description": "libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8\nprocessing. CVE-2007-6284 has been assigned to this problem.", "edition": 24, "published": "2008-01-27T00:00:00", "title": "SuSE 10 Security Update : libxml2 (ZYPP Patch Number 4840)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBXML2-4840.NASL", "href": "https://www.tenable.com/plugins/nessus/30094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30094);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6284\");\n\n script_name(english:\"SuSE 10 Security Update : libxml2 (ZYPP Patch Number 4840)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8\nprocessing. CVE-2007-6284 has been assigned to this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6284.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4840.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libxml2-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libxml2-devel-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"libxml2-python-2.6.23-15.5.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libxml2-32bit-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libxml2-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libxml2-devel-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"libxml2-python-2.6.23-15.5.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libxml2-32bit-2.6.23-15.7.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.6.23-15.7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:44:55", "description": "Brad Fitzpatrick discovered that the UTF-8 decoding functions of\nlibxml2, the GNOME XML library, validate UTF-8 correctness\ninsufficiently, which may lead to denial of service by forcing libxml2\ninto an infinite loop.", "edition": 28, "published": "2008-01-14T00:00:00", "title": "Debian DSA-1461-1 : libxml2 - missing input validation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:libxml2"], "id": "DEBIAN_DSA-1461.NASL", "href": "https://www.tenable.com/plugins/nessus/29938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1461. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29938);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_xref(name:\"DSA\", value:\"1461\");\n\n script_name(english:\"Debian DSA-1461-1 : libxml2 - missing input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brad Fitzpatrick discovered that the UTF-8 decoding functions of\nlibxml2, the GNOME XML library, validate UTF-8 correctness\ninsufficiently, which may lead to denial of service by forcing libxml2\ninto an infinite loop.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1461\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 2.6.16-7sarge1.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libxml2\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxml2-dev\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxml2-doc\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxml2-python2.3\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libxml2-utils\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"python-libxml2\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"python2.2-libxml2\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"python2.3-libxml2\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"python2.4-libxml2\", reference:\"2.6.16-7sarge1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml2\", reference:\"2.6.27.dfsg-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml2-dbg\", reference:\"2.6.27.dfsg-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml2-dev\", reference:\"2.6.27.dfsg-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml2-doc\", reference:\"2.6.27.dfsg-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libxml2-utils\", reference:\"2.6.27.dfsg-2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python-libxml2\", reference:\"2.6.27.dfsg-2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:58", "description": "Updated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate\nXML files. It includes support to read, modify, and write XML and HTML\nfiles.\n\nA denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly\ndisclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.", "edition": 27, "published": "2008-01-14T00:00:00", "title": "RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0032)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-14T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libxml2-devel", "p-cpe:/a:redhat:enterprise_linux:libxml2-python", "cpe:/o:redhat:enterprise_linux:5.1", "p-cpe:/a:redhat:enterprise_linux:libxml2", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0032.NASL", "href": "https://www.tenable.com/plugins/nessus/29954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0032. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29954);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_bugtraq_id(27248);\n script_xref(name:\"RHSA\", value:\"2008:0032\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0032)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate\nXML files. It includes support to read, modify, and write XML and HTML\nfiles.\n\nA denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly\ndisclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0032\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxml2, libxml2-devel and / or libxml2-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0032\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libxml2-2.4.19-7.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libxml2-devel-2.4.19-7.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"libxml2-python-2.4.19-7.ent\")) flag++;\n\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-2.5.10-8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-devel-2.5.10-8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"libxml2-python-2.5.10-8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-2.6.16-10.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-devel-2.6.16-10.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-python-2.6.16-10.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-2.6.26-2.1.2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-devel-2.6.26-2.1.2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libxml2-python-2.6.26-2.1.2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libxml2-python-2.6.26-2.1.2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.26-2.1.2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:44:05", "description": "From Red Hat Security Advisory 2008:0032 :\n\nUpdated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate\nXML files. It includes support to read, modify, and write XML and HTML\nfiles.\n\nA denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly\ndisclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0032)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:3", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:libxml2"], "id": "ORACLELINUX_ELSA-2008-0032.NASL", "href": "https://www.tenable.com/plugins/nessus/67637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0032 and \n# Oracle Linux Security Advisory ELSA-2008-0032 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67637);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_bugtraq_id(27248);\n script_xref(name:\"RHSA\", value:\"2008:0032\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0032 :\n\nUpdated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate\nXML files. It includes support to read, modify, and write XML and HTML\nfiles.\n\nA denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly\ndisclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000482.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000485.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml2-2.5.10-8.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-2.5.10-8.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml2-devel-2.5.10-8.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-devel-2.5.10-8.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"libxml2-python-2.5.10-8.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"libxml2-python-2.5.10-8.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libxml2-2.6.16-10.1.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libxml2-2.6.16-10.1.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libxml2-devel-2.6.16-10.1.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libxml2-devel-2.6.16-10.1.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"libxml2-python-2.6.16-10.1.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.16-10.1.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"libxml2-2.6.26-2.1.2.1.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-devel-2.6.26-2.1.2.1.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-python-2.6.26-2.1.2.1.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:43:49", "description": "A denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080111_LIBXML2_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60342);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6284\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the way libxml2 processes\ncertain content. If an application linked against libxml2 processes\nmalformed XML content, it could cause the application to stop\nresponding. (CVE-2007-6284)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=586\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72684818\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxml2, libxml2-devel and / or libxml2-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-2.5.10-8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-devel-2.5.10-8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"libxml2-python-2.5.10-8\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"libxml2-2.6.16-10.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-devel-2.6.16-10.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-python-2.6.16-10.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"libxml2-2.6.26-2.1.2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-devel-2.6.26-2.1.2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-python-2.6.26-2.1.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:17", "description": "This release fixes a potential Denial of Service attack on services\nusing libxml2 to parse user provided XML. All users are invited to\nupgrade. Fixes CVE-2007-6284\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-01-14T00:00:00", "title": "Fedora 8 : libxml2-2.6.31-1.fc8 (2008-0462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2-debuginfo", "p-cpe:/a:fedoraproject:fedora:libxml2-devel", "p-cpe:/a:fedoraproject:fedora:libxml2", "p-cpe:/a:fedoraproject:fedora:libxml2-python", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-0462.NASL", "href": "https://www.tenable.com/plugins/nessus/29940", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0462.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29940);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_bugtraq_id(27248);\n script_xref(name:\"FEDORA\", value:\"2008-0462\");\n\n script_name(english:\"Fedora 8 : libxml2-2.6.31-1.fc8 (2008-0462)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes a potential Denial of Service attack on services\nusing libxml2 to parse user provided XML. All users are invited to\nupgrade. Fixes CVE-2007-6284\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=425927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006732.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d51b676a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"libxml2-2.6.31-1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"libxml2-debuginfo-2.6.31-1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"libxml2-devel-2.6.31-1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"libxml2-python-2.6.31-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:02:14", "description": "libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8\nprocessing. CVE-2007-6284 has been assigned to this problem.", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : libxml2 (YOU Patch Number 12032)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12032.NASL", "href": "https://www.tenable.com/plugins/nessus/41179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41179);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6284\");\n\n script_name(english:\"SuSE9 Security Update : libxml2 (YOU Patch Number 12032)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8\nprocessing. CVE-2007-6284 has been assigned to this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6284.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12032.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libxml2-2.6.7-28.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libxml2-devel-2.6.7-28.11\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libxml2-32bit-9-200712191220\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:17", "description": "This release fixes a potential Denial of Service attack on services\nusing libxml2 to parse user provided XML. All users are invited to\nupgrade. Fixes CVE-2007-6284\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-01-14T00:00:00", "title": "Fedora 7 : libxml2-2.6.31-1.fc7 (2008-0477)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6284"], "modified": "2008-01-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2-debuginfo", "p-cpe:/a:fedoraproject:fedora:libxml2-devel", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:libxml2", "p-cpe:/a:fedoraproject:fedora:libxml2-python"], "id": "FEDORA_2008-0477.NASL", "href": "https://www.tenable.com/plugins/nessus/29943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0477.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29943);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-6284\");\n script_bugtraq_id(27248);\n script_xref(name:\"FEDORA\", value:\"2008-0477\");\n\n script_name(english:\"Fedora 7 : libxml2-2.6.31-1.fc7 (2008-0477)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release fixes a potential Denial of Service attack on services\nusing libxml2 to parse user provided XML. All users are invited to\nupgrade. Fixes CVE-2007-6284\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=425927\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006749.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?411fe147\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"libxml2-2.6.31-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libxml2-debuginfo-2.6.31-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libxml2-devel-2.6.31-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"libxml2-python-2.6.31-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2008-01-11T22:13:53", "published": "2008-01-11T22:13:53", "id": "FEDORA:M0BMDCWH010776", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: libxml2-2.6.31-1.fc7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2008-01-11T22:11:35", "published": "2008-01-11T22:11:35", "id": "FEDORA:M0BMBTTG010506", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: libxml2-2.6.31-1.fc8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6284"], "description": "Updated libxml2 package to address a denial of service flaw. \n \nThanks to the Google security team for identifying and reporting this issue. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6284 to this issue.\n", "edition": 4, "modified": "2008-04-11T00:00:00", "published": "2008-03-28T00:00:00", "id": "VMSA-2008-0006", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0006.html", "title": "Updated libxml2 service console package", "type": "vmware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}