{"id": "RHSA-2012:0017", "hash": "b0cb5e9db940a8a519aeccbeab7085ba", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:0017) Important: libxml2 security update", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\nexploited; however, third-party applications may allow XPath expressions to\nbe passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "published": "2012-01-11T05:00:00", "modified": "2017-09-08T12:16:19", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0017", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-4008", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2834", "CVE-2011-3905", "CVE-2011-3919"], "lastseen": "2018-12-11T17:41:33", "history": [{"bulletin": {"id": "RHSA-2012:0017", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:0017) Important: libxml2 security update", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\nexploited; however, third-party applications may allow XPath expressions to\nbe passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "published": "2012-01-11T05:00:00", "modified": "2016-04-04T18:41:20", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0017", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2011-3905", "CVE-2010-4008", "CVE-2011-0216", "CVE-2011-3919", "CVE-2011-2834", "CVE-2011-1944"], "lastseen": "2016-09-04T11:17:37", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "ppc64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm", "operator": "lt", "packageName": "libxml2-python", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.src.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "src"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "s390x"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "operator": "lt", "packageName": "libxml2-python", "OSVersion": "5", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm", "operator": "lt", "packageName": "libxml2-python", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm", "operator": "lt", "packageName": "libxml2-python", "OSVersion": "5", "OS": "RedHat", "arch": "ia64"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm", "operator": "lt", "packageName": "libxml2-devel", "OSVersion": "5", "OS": "RedHat", "arch": "ppc"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm", "operator": "lt", "packageName": "libxml2-python", "OSVersion": "5", "OS": "RedHat", "arch": "i386"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm", "operator": "lt", "packageName": "libxml2", "OSVersion": "5", "OS": "RedHat", "arch": "s390"}]}, "lastseen": "2016-09-04T11:17:37", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2012:0017", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:0017) Important: libxml2 security update", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\nexploited; however, third-party applications may allow XPath expressions to\nbe passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "published": "2012-01-11T05:00:00", "modified": "2017-07-29T20:23:50", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0017", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-4008", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2834", "CVE-2011-3905", "CVE-2011-3919"], "lastseen": "2017-08-02T12:58:31", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T12:58:31", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2012:0017", "hash": "6f6e3b27f2234f29b768b061a5a33b0f", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:0017) Important: libxml2 security update", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\nexploited; however, third-party applications may allow XPath expressions to\nbe passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "published": "2012-01-11T05:00:00", "modified": "2017-09-08T12:16:19", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:0017", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-4008", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2834", "CVE-2011-3905", "CVE-2011-3919"], "lastseen": "2017-09-09T07:20:03", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-python", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-python", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-python", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm", "arch": "ppc64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-python", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-devel", "packageFilename": "libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.26-2.1.12.el5_7.2", "packageName": "libxml2-python", "packageFilename": "libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:03", "differentElements": ["affectedPackage"], "edition": 3}], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310870527", "OPENVAS:881182", "OPENVAS:1361412562310881182", "OPENVAS:870527", "OPENVAS:1361412562310122013", "OPENVAS:1361412562310103517", "OPENVAS:103517", "OPENVAS:881090", "OPENVAS:870530", "OPENVAS:840868"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-0017.NASL", "SL_20120111_LIBXML2_ON_SL5_X.NASL", "CENTOS_RHSA-2012-0017.NASL", "ORACLELINUX_ELSA-2012-0017.NASL", "VMWARE_VMSA-2012-0012_REMOTE.NASL", "VMWARE_VMSA-2012-0008_REMOTE.NASL", "VMWARE_ESXI_5_0_BUILD_764879_REMOTE.NASL", "REDHAT-RHSA-2012-0016.NASL", "ORACLELINUX_ELSA-2012-0016.NASL", "SL_20120111_LIBXML2_ON_SL4_X.NASL"]}, {"type": "centos", "idList": ["CESA-2012:0017", "CESA-2012:0016", "CESA-2013:0217", "CESA-2012:0018"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0017", "ELSA-2012-0016", "ELSA-2011-1749", "ELSA-2013-0217", "ELSA-2012-0018", "ELSA-2012-1288"]}, {"type": "cve", "idList": ["CVE-2010-4008", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-2834", "CVE-2011-1944", "CVE-2011-0216"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2394-1:72A72"]}, {"type": "vmware", "idList": ["VMSA-2012-0012", "VMSA-2012-0008"]}, {"type": "ubuntu", "idList": ["USN-1334-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0016", "RHSA-2013:0217", "RHSA-2011:1749", "RHSA-2012:0018"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12101", "SECURITYVULNS:VULN:11744", "SECURITYVULNS:DOC:25124"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0107-1"]}, {"type": "gentoo", "idList": ["GLSA-201110-26"]}, {"type": "amazon", "idList": ["ALAS-2012-036"]}], "modified": "2018-12-11T17:41:33"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "libxml2", "packageVersion": "2.6.26-2.1.12.el5_7.2", "packageFilename": "libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"openvas": [{"lastseen": "2018-11-23T15:17:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-01-13T00:00:00", "id": "OPENVAS:1361412562310870527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870527", "title": "RedHat Update for libxml2 RHSA-2012:0017-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2012:0017-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-January/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870527\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:42:53 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0017-01\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_name(\"RedHat Update for libxml2 RHSA-2012:0017-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n\n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way libxml2 parsed certain XPath expressions. If an attacker\n were able to supply a specially-crafted XML file to an application using\n libxml2, as well as an XPath expression for that application to run against\n the crafted file, it could cause the application to crash or, possibly,\n execute arbitrary code. (CVE-2011-1944)\n\n Flaws were found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2010-4008, CVE-2011-2834)\n\n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n\n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\n exploited; however, third-party applications may allow XPath expressions to\n be passed which could trigger these flaws.\n\n Red Hat would like to thank the Google Security Team for reporting the\n CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\n original reporter of CVE-2010-4008.\n\n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:17", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0017", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122013", "title": "Oracle Linux Local Check: ELSA-2012-0017", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0017.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122013\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:41 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0017\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0017 - libxml2 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0017\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0017.html\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.12.0.1.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.12.0.1.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.12.0.1.el5_7.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:29", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2017-12-29T00:00:00", "published": "2012-01-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870527", "id": "OPENVAS:870527", "title": "RedHat Update for libxml2 RHSA-2012:0017-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2012:0017-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way libxml2 parsed certain XPath expressions. If an attacker\n were able to supply a specially-crafted XML file to an application using\n libxml2, as well as an XPath expression for that application to run against\n the crafted file, it could cause the application to crash or, possibly,\n execute arbitrary code. (CVE-2011-1944)\n \n Flaws were found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2010-4008, CVE-2011-2834)\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\n exploited; however, third-party applications may allow XPath expressions to\n be passed which could trigger these flaws.\n \n Red Hat would like to thank the Google Security Team for reporting the\n CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\n original reporter of CVE-2010-4008.\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-January/msg00005.html\");\n script_id(870527);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:42:53 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0017-01\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_name(\"RedHat Update for libxml2 RHSA-2012:0017-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.12.el5_7.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:47", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881182", "title": "CentOS Update for libxml2 CESA-2012:0017 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2012:0017 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way libxml2 parsed certain XPath expressions. If an attacker\n were able to supply a specially-crafted XML file to an application using\n libxml2, as well as an XPath expression for that application to run against\n the crafted file, it could cause the application to crash or, possibly,\n execute arbitrary code. (CVE-2011-1944)\n \n Flaws were found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2010-4008, CVE-2011-2834)\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\n exploited; however, third-party applications may allow XPath expressions to\n be passed which could trigger these flaws.\n \n Red Hat would like to thank the Google Security Team for reporting the\n CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\n original reporter of CVE-2010-4008.\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018371.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881182\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:34:13 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\",\n \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0017\");\n script_name(\"CentOS Update for libxml2 CESA-2012:0017 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-11T11:07:12", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2018-01-09T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881182", "id": "OPENVAS:881182", "title": "CentOS Update for libxml2 CESA-2012:0017 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2012:0017 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the way libxml2 parsed certain XPath expressions. If an attacker\n were able to supply a specially-crafted XML file to an application using\n libxml2, as well as an XPath expression for that application to run against\n the crafted file, it could cause the application to crash or, possibly,\n execute arbitrary code. (CVE-2011-1944)\n \n Flaws were found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2010-4008, CVE-2011-2834)\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\n exploited; however, third-party applications may allow XPath expressions to\n be passed which could trigger these flaws.\n \n Red Hat would like to thank the Google Security Team for reporting the\n CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\n original reporter of CVE-2010-4008.\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018371.html\");\n script_id(881182);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:34:13 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\",\n \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0017\");\n script_name(\"CentOS Update for libxml2 CESA-2012:0017 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.26~2.1.12.el5_7.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-01T10:32:58", "bulletinFamily": "scanner", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0012.", "modified": "2018-09-28T00:00:00", "published": "2012-07-13T00:00:00", "id": "OPENVAS:1361412562310103517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103517", "title": "VMSA-2012-0012 VMware ESXi update addresses several security issues.", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0012.nasl 11696 2018-09-28 21:16:43Z cfischer $\n#\n# VMSA-2012-0012 VMware ESXi update addresses several security issues.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103517\");\n script_cve_id(\"CVE-2010-4008\", \"CVE-2010-4494\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\", \"CVE-2012-0841\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 11696 $\");\n script_name(\"VMSA-2012-0012 VMware ESXi update addresses several security issues.\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 23:16:43 +0200 (Fri, 28 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-13 17:02:01 +0100 (Fri, 13 Jul 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\", \"VMware/ESX/version\");\n\n script_xref(name:\"URL\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0012.html\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote ESXi is missing one or more security related Updates from VMSA-2012-0012.\");\n\n script_tag(name:\"affected\", value:\"ESX 5.0 without patch ESXi500-201207101-SG\n\n ESXi 4.1 without patch ESXi410-201208101-SG\");\n\n script_tag(name:\"insight\", value:\"VMware ESXi update addresses several security issues.\n\n a. ESXi update to third party component libxml2\n\n The libxml2 third party library has been updated which addresses multiple security issues.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"5.0.0\",\"VIB:esx-base:5.0.0-1.18.768111\",\n \"4.0.0\",\"ESXi400-201209401-SG\",\n \"4.1.0\",\"ESXi410-201208101-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n security_message(port:0);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:49", "bulletinFamily": "scanner", "description": "The remote ESXi is missing one or more security related Updates from VMSA-2012-0012.\n\nSummary\nVMware ESXi update addresses several security issues.\n\nRelevant releases\nESX 5.0 without patch ESXi500-201207101-SG\nESXi 4.1 without patch ESXi410-201208101-SG\n\nProblem Description\n\na. ESXi update to third party component libxml2\n\nThe libxml2 third party library has been updated which addresses multiple security issues.\n\nSolution\nApply the missing patch(es).", "modified": "2017-04-10T00:00:00", "published": "2012-07-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=103517", "id": "OPENVAS:103517", "title": "VMSA-2012-0012 VMware ESXi update addresses several security issues.", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_VMSA-2012-0012.nasl 5912 2017-04-10 09:01:51Z teissa $\n#\n# VMSA-2012-0012 VMware ESXi update addresses several security issues.\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"The remote ESXi is missing one or more security related Updates from VMSA-2012-0012.\n\nSummary\nVMware ESXi update addresses several security issues.\n\nRelevant releases\nESX 5.0 without patch ESXi500-201207101-SG\nESXi 4.1 without patch ESXi410-201208101-SG\n\nProblem Description\n\na. ESXi update to third party component libxml2\n\nThe libxml2 third party library has been updated which addresses multiple security issues.\n\nSolution\nApply the missing patch(es).\";\n\n\nif (description)\n{\n script_id(103517);\n script_cve_id(\"CVE-2010-4008\",\"CVE-2010-4494\",\"CVE-2011-0216\",\"CVE-2011-1944\",\"CVE-2011-2821\",\"CVE-2011-2834\",\"CVE-2011-3905\",\"CVE-2011-3919\",\"CVE-2012-0841\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version (\"$Revision: 5912 $\");\n script_name(\"VMSA-2012-0012 VMware ESXi update addresses several security issues.\");\n\n\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-13 17:02:01 +0100 (Fri, 13 Jul 2012)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"VMware Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2012 Greenbone Networks GmbH\");\n script_dependencies(\"gb_vmware_esxi_init.nasl\");\n script_mandatory_keys(\"VMware/ESXi/LSC\",\"VMware/ESX/version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.vmware.com/security/advisories/VMSA-2012-0012.html\");\n exit(0);\n}\n\ninclude(\"vmware_esx.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item('VMware/ESXi/LSC'))exit(0);\nif(! esxVersion = get_kb_item(\"VMware/ESX/version\"))exit(0);\n\npatches = make_array(\"5.0.0\",\"VIB:esx-base:5.0.0-1.18.768111\",\n \"4.0.0\",\"ESXi400-201209401-SG\",\n \"4.1.0\",\"ESXi410-201208101-SG\");\n\nif(!patches[esxVersion])exit(0);\n\nif(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {\n\n security_message(port:0);\n exit(0);\n\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:56:19", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881090", "id": "OPENVAS:881090", "title": "CentOS Update for libxml2 CESA-2012:0016 centos4 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2012:0016 centos4 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n A flaw was found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2011-2834)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-2834 flaw to be exploited; however, third-party\n applications may allow XPath expressions to be passed which could trigger\n this flaw.\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\");\n script_id(881090);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:05:28 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0016\");\n script_name(\"CentOS Update for libxml2 CESA-2012:0016 centos4 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.9\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:02", "bulletinFamily": "scanner", "description": "Check for the Version of libxml2", "modified": "2017-12-26T00:00:00", "published": "2012-01-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870530", "id": "OPENVAS:870530", "title": "RedHat Update for libxml2 RHSA-2012:0016-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2012:0016-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libxml2 library is a development toolbox providing the implementation\n of various XML standards. One of those standards is the XML Path Language\n (XPath), which is a language for addressing parts of an XML document.\n\n A heap-based buffer overflow flaw was found in the way libxml2 decoded\n entity references with long names. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-3919)\n \n An off-by-one error, leading to a heap-based buffer overflow, was found in\n the way libxml2 parsed certain XML files. A remote attacker could provide a\n specially-crafted XML file that, when opened in an application linked\n against libxml2, would cause the application to crash or, potentially,\n execute arbitrary code with the privileges of the user running the\n application. (CVE-2011-0216)\n \n A flaw was found in the way libxml2 parsed certain XPath expressions. If an\n attacker were able to supply a specially-crafted XML file to an application\n using libxml2, as well as an XPath expression for that application to run\n against the crafted file, it could cause the application to crash.\n (CVE-2011-2834)\n \n Note: Red Hat does not ship any applications that use libxml2 in a way that\n would allow the CVE-2011-2834 flaw to be exploited; however, third-party\n applications may allow XPath expressions to be passed which could trigger\n this flaw.\n \n An out-of-bounds memory read flaw was found in libxml2. A remote attacker\n could provide a specially-crafted XML file that, when opened in an\n application linked against libxml2, would cause the application to crash.\n (CVE-2011-3905)\n \n All users of libxml2 are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. The desktop must\n be restarted (log out, then log back in) for this update to take effect.\";\n\ntag_affected = \"libxml2 on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-January/msg00004.html\");\n script_id(870530);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-13 10:45:41 +0530 (Fri, 13 Jan 2012)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0016-01\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_name(\"RedHat Update for libxml2 RHSA-2012:0016-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libxml2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.6.16~12.9\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:13", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1334-1", "modified": "2017-12-01T00:00:00", "published": "2012-01-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840868", "id": "OPENVAS:840868", "title": "Ubuntu Update for libxml2 USN-1334-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1334_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for libxml2 USN-1334-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libxml2 contained an off by one error. If a user or\n application linked against libxml2 were tricked into opening a specially\n crafted XML file, an attacker could cause the application to crash or\n possibly execute arbitrary code with the privileges of the user invoking\n the program. (CVE-2011-0216)\n\n It was discovered that libxml2 is vulnerable to double-free conditions\n when parsing certain XML documents. This could allow a remote attacker to\n cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\n It was discovered that libxml2 did not properly detect end of file when\n parsing certain XML documents. An attacker could exploit this to crash\n applications linked against libxml2. (CVE-2011-3905)\n\n It was discovered that libxml2 did not properly decode entity references\n with long names. If a user or application linked against libxml2 were\n tricked into opening a specially crafted XML file, an attacker could cause\n the application to crash or possibly execute arbitrary code with the\n privileges of the user invoking the program. (CVE-2011-3919)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1334-1\";\ntag_affected = \"libxml2 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1334-1/\");\n script_id(840868);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-20 11:00:26 +0530 (Fri, 20 Jan 2012)\");\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2821\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1334-1\");\n script_name(\"Ubuntu Update for libxml2 USN-1334-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.7.dfsg-4ubuntu0.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.6.dfsg-1ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-2ubuntu0.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.6.31.dfsg-2ubuntu1.7\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:51", "bulletinFamily": "scanner", "description": "Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2012-0017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57492", "published": "2012-01-12T00:00:00", "title": "RHEL 5 : libxml2 (RHSA-2012:0017)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0017. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57492);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(44779, 48056);\n script_xref(name:\"RHSA\", value:\"2012:0017\");\n\n script_name(english:\"RHEL 5 : libxml2 (RHSA-2012:0017)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834\nflaws to be exploited; however, third-party applications may allow\nXPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as\nthe original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0017\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxml2, libxml2-devel and / or libxml2-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0017\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-2.6.26-2.1.12.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libxml2-devel-2.6.26-2.1.12.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libxml2-python-2.6.26-2.1.12.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"libxml2-python-2.6.26-2.1.12.el5_7.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libxml2-python-2.6.26-2.1.12.el5_7.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:50", "bulletinFamily": "scanner", "description": "Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-0017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57487", "published": "2012-01-12T00:00:00", "title": "CentOS 5 : libxml2 (CESA-2012:0017)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0017 and \n# CentOS Errata and Security Advisory 2012:0017 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57487);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(44779, 48056);\n script_xref(name:\"RHSA\", value:\"2012:0017\");\n\n script_name(english:\"CentOS 5 : libxml2 (CESA-2012:0017)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834\nflaws to be exploited; however, third-party applications may allow\nXPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as\nthe original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018371.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd9a3ea0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-2.6.26-2.1.12.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-devel-2.6.26-2.1.12.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libxml2-python-2.6.26-2.1.12.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:20", "bulletinFamily": "scanner", "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nNote: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20120111_LIBXML2_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61217", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61217);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nNote: Scientific Linux does not ship any applications that use libxml2\nin a way that would allow the CVE-2011-1944, CVE-2010-4008, and\nCVE-2011-2834 flaws to be exploited; however, third-party applications\nmay allow XPath expressions to be passed which could trigger these\nflaws.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=851\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3577703f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-2.6.26-2.1.12.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-debuginfo-2.6.26-2.1.12.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-devel-2.6.26-2.1.12.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libxml2-python-2.6.26-2.1.12.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:33", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0017 :\n\nUpdated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0017.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68429", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : libxml2 (ELSA-2012-0017)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0017 and \n# Oracle Linux Security Advisory ELSA-2012-0017 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68429);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(44779, 48056, 48832, 49658, 51084, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0017\");\n\n script_name(english:\"Oracle Linux 5 : libxml2 (ELSA-2012-0017)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0017 :\n\nUpdated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash or, possibly, execute arbitrary code.\n(CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834\nflaws to be exploited; however, third-party applications may allow\nXPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as\nthe original reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002549.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-2.6.26-2.1.12.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-devel-2.6.26-2.1.12.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libxml2-python-2.6.26-2.1.12.0.1.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:26:12", "bulletinFamily": "scanner", "description": "The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :\n\n - COS kernel\n - libxml2", "modified": "2018-08-06T00:00:00", "id": "VMWARE_VMSA-2012-0008_REMOTE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89109", "published": "2016-03-03T00:00:00", "title": "VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89109);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2010-4008\",\n \"CVE-2011-0216\",\n \"CVE-2011-1944\",\n \"CVE-2011-2834\",\n \"CVE-2011-3191\",\n \"CVE-2011-3905\",\n \"CVE-2011-3919\",\n \"CVE-2011-4348\",\n \"CVE-2012-0028\"\n );\n script_bugtraq_id(\n 44779,\n 48056,\n 48832,\n 49295,\n 49658,\n 51084,\n 51300,\n 51363,\n 51947\n );\n script_xref(name:\"VMSA\", value:\"2012-0008\");\n\n script_name(english:\"VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)\");\n script_summary(english:\"Checks the remote ESX host's version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, affected by multiple vulnerabilities, including remote code\nexecution vulnerabilities, in the following components :\n\n - COS kernel\n - libxml2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0008.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"Host/VMware/version\");\nrel = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\nesx = \"ESX/ESXi\";\n\nextract = eregmatch(pattern:\"^(ESXi?) (\\d\\.\\d).*$\", string:ver);\nif (isnull(extract))\n audit(AUDIT_UNKNOWN_APP_VER, esx);\nelse\n{\n esx = extract[1];\n ver = extract[2];\n}\n\nproduct = \"VMware \" + esx;\n\n# fix builds \nfixes = make_array(\n \"ESX 4.1\", 659051\n);\n\nkey = esx + ' ' + ver;\nfix = NULL;\nfix = fixes[key];\n\nbmatch = eregmatch(pattern:'^VMware ESXi?.*build-([0-9]+)$', string:rel);\nif (empty_or_null(bmatch))\n audit(AUDIT_UNKNOWN_BUILD, product, ver);\n\nbuild = int(bmatch[1]);\n\nif (!fix)\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n\nif (build < fix)\n{\n # properly spaced label\n if (\"ESXi\" >< esx) ver_label = ' version : ';\n else ver_label = ' version : ';\n report = '\\n ' + esx + ver_label + ver +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, product, ver, build);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:26:09", "bulletinFamily": "scanner", "description": "The remote VMware ESX / ESXi host is affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist in the bundled libxml2 library in the xmlXPathNextPrecedingSibling(), xmlNodePtr(), and xmlXPathNextPrecedingInternal() functions due to improper processing of namespaces and attributes nodes.\n A remote attacker can exploit these, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2010-4008)\n\n - Multiple remote code execution vulnerabilities exist in the bundled libxml2 library in the xmlCharEncFirstLineInt() and xmlCharEncInFunc() functions due to an off-by-one overflow condition. A remote attacker can exploit these, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-0216)\n\n - A remote code execution vulnerability exists in the bundled libxml2 library due to improper sanitization of user-supplied input when processing an XPath nodeset. A remote attacker can exploit this, via a specially crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2011-1944)\n\n - A remote code execution vulnerability exists in the bundled libxml2 library in the xmlXPathCompOpEval() function due to improper processing of invalid XPath expressions. A remote attacker can exploit this, via a specially crafted XSLT stylesheet, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-2834)\n\n - A denial of service vulnerability exists in the bundled libxml2 library due to multiple out-of-bounds read errors in parser.c that occur when getting a Stop order.\n A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition. (CVE-2011-3905)\n\n - A remote code execution vulnerability exists in the bundled libxml2 library in the xmlStringLenDecodeEntities() function in parser.c due to an overflow condition that occurs when copying entities. A remote attacker can exploit this, via a specially crafted request, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2011-3919)\n\n - A denial of service vulnerability exists in the bundled libxml2 library due to improper processing of crafted parameters. A remote attacker can exploit this to cause a hash collision, resulting in a denial of service condition. (CVE-2012-0841)", "modified": "2018-08-16T00:00:00", "id": "VMWARE_VMSA-2012-0012_REMOTE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89037", "published": "2016-02-29T00:00:00", "title": "VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89037);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/16 18:29:35\");\n\n script_cve_id(\n \"CVE-2010-4008\",\n \"CVE-2011-0216\",\n \"CVE-2011-1944\",\n \"CVE-2011-2834\",\n \"CVE-2011-3905\",\n \"CVE-2011-3919\",\n \"CVE-2012-0841\"\n );\n script_bugtraq_id(\n 44779,\n 48056,\n 48832,\n 49658, \n 51084,\n 51300,\n 52107\n );\n script_xref(name:\"VMSA\", value:\"2012-0012\");\n script_xref(name:\"IAVA\", value:\"2012-A-0148\");\n\n script_name(english:\"VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX / ESXi host is missing a security-related patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX / ESXi host is affected by multiple\nvulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist in\n the bundled libxml2 library in the\n xmlXPathNextPrecedingSibling(), xmlNodePtr(), and\n xmlXPathNextPrecedingInternal() functions due to\n improper processing of namespaces and attributes nodes.\n A remote attacker can exploit these, via a specially\n crafted XML file, to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2010-4008)\n\n - Multiple remote code execution vulnerabilities exist in\n the bundled libxml2 library in the\n xmlCharEncFirstLineInt() and xmlCharEncInFunc()\n functions due to an off-by-one overflow condition. A\n remote attacker can exploit these, via a specially\n crafted XML file, to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2011-0216)\n\n - A remote code execution vulnerability exists in the\n bundled libxml2 library due to improper sanitization of\n user-supplied input when processing an XPath nodeset. A\n remote attacker can exploit this, via a specially\n crafted request, to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code. (CVE-2011-1944)\n\n - A remote code execution vulnerability exists in the\n bundled libxml2 library in the xmlXPathCompOpEval()\n function due to improper processing of invalid XPath\n expressions. A remote attacker can exploit this, via a\n specially crafted XSLT stylesheet, to cause a denial of\n service condition or the execution of arbitrary code. \n (CVE-2011-2834)\n\n - A denial of service vulnerability exists in the bundled\n libxml2 library due to multiple out-of-bounds read\n errors in parser.c that occur when getting a Stop order.\n A remote attacker can exploit this, via a specially\n crafted XML document, to cause a denial of service\n condition. (CVE-2011-3905)\n\n - A remote code execution vulnerability exists in the\n bundled libxml2 library in the\n xmlStringLenDecodeEntities() function in parser.c due\n to an overflow condition that occurs when copying\n entities. A remote attacker can exploit this, via a\n specially crafted request, to cause a heap-based buffer\n overflow, resulting in a denial of service condition or\n the execution of arbitrary code. (CVE-2011-3919)\n\n - A denial of service vulnerability exists in the bundled\n libxml2 library due to improper processing of crafted\n parameters. A remote attacker can exploit this to cause\n a hash collision, resulting in a denial of service\n condition. (CVE-2012-0841)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.vmware.com/security/advisories/VMSA-2012-0012.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 5.0 or ESXi version 4.0 / 4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Misc.\");\n\n script_dependencies(\"vmware_vsphere_detect.nbin\");\n script_require_keys(\"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Host/VMware/vsphere\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\nport = get_kb_item_or_exit(\"Host/VMware/vsphere\");\n\n# Version + build map\n# https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508\nfixes = make_array();\nfixes[\"ESXi 4.0\"] = 787047;\nfixes[\"ESXi 4.1\"] = 800380;\nfixes[\"ESXi 5.0\"] = 764879;\n\n# Extra fixes to report\nextra_fixes = make_array();\nextra_fixes[\"ESXi 4.1\"] = 811144;\nextra_fixes[\"ESXi 5.0\"] = 768111;\n\nmatches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);\nif (empty_or_null(matches))\n exit(1, 'Failed to extract the ESX / ESXi build number.');\n\ntype = matches[1];\nif (type == \"ESX\") audit(AUDIT_HOST_NOT, \"VMware ESXi\");\n\nbuild = int(matches[2]);\n\nfixed_build = fixes[version];\n\nif (!isnull(fixed_build) && build < fixed_build)\n{\n if (!empty_or_null(extra_fixes[version])) fixed_build += \" / \" + extra_fixes[version];\n\n report = '\\n ESXi version : ' + version +\n '\\n Installed build : ' + build +\n '\\n Fixed build : ' + fixed_build +\n '\\n';\n\n security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"VMware \" + version + \" build \" + build);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:37", "bulletinFamily": "scanner", "description": "a. ESX third-party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues.\n\nb. Updated ESX Service Console package libxml2\n\n The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.", "modified": "2018-08-06T00:00:00", "id": "VMWARE_VMSA-2012-0008.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58903", "published": "2012-04-28T00:00:00", "title": "VMSA-2012-0008 : VMware ESX updates to ESX Service Console", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2012-0008. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58903);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2010-4008\", \"CVE-2011-0216\", \"CVE-2011-1944\", \"CVE-2011-2834\", \"CVE-2011-3191\", \"CVE-2011-3905\", \"CVE-2011-3919\", \"CVE-2011-4348\", \"CVE-2012-0028\");\n script_bugtraq_id(44779, 48056, 48832, 49295, 49658, 51084, 51300, 51363, 51947);\n script_xref(name:\"VMSA\", value:\"2012-0008\");\n\n script_name(english:\"VMSA-2012-0008 : VMware ESX updates to ESX Service Console\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. ESX third-party update for Service Console kernel\n\n The ESX Service Console Operating System (COS) kernel is updated\n which addresses several security issues in the COS kernel.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to\n these issues.\n\nb. Updated ESX Service Console package libxml2\n\n The ESX Console Operating System (COS) libxml2 rpms are updated to\n the following versions libxml2-2.6.26-2.1.12.el5_7.2 and\n libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several\n security issues.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944,\n CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2012/000189.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2012-04-26\");\nflag = 0;\n\n\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201204401-SG\",\n patch_updates : make_list(\"ESX410-201205401-SG\", \"ESX410-201206401-SG\", \"ESX410-201208101-SG\", \"ESX410-201211401-SG\", \"ESX410-201301401-SG\", \"ESX410-201304401-SG\", \"ESX410-201307401-SG\", \"ESX410-201312401-SG\", \"ESX410-201404401-SG\", \"ESX410-Update03\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.1\",\n patch : \"ESX410-201204402-SG\",\n patch_updates : make_list(\"ESX410-201208102-SG\", \"ESX410-201301405-SG\", \"ESX410-201304402-SG\", \"ESX410-201307405-SG\", \"ESX410-Update03\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:33", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68428", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : libxml2 (ELSA-2012-0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0016 and \n# Oracle Linux Security Advisory ELSA-2012-0016 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68428);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_bugtraq_id(48832, 49658, 51084, 51300);\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"Oracle Linux 4 : libxml2 (ELSA-2012-0016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0016 :\n\nUpdated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002547.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-devel-2.6.16-12.9.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libxml2-python-2.6.16-12.9.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:15:51", "bulletinFamily": "scanner", "description": "Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-11-26T00:00:00", "id": "REDHAT-RHSA-2012-0016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57491", "published": "2012-01-12T00:00:00", "title": "RHEL 4 : libxml2 (RHSA-2012:0016)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57491);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n script_xref(name:\"RHSA\", value:\"2012:0016\");\n\n script_name(english:\"RHEL 4 : libxml2 (RHSA-2012:0016)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libxml2 packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way\nthat would allow the CVE-2011-2834 flaw to be exploited; however,\nthird-party applications may allow XPath expressions to be passed\nwhich could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libxml2, libxml2-devel and / or libxml2-python\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-2.6.16-12.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:20", "bulletinFamily": "scanner", "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)\n\nNote: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited;\nhowever, third-party applications may allow XPath expressions to be passed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20120111_LIBXML2_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61216", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61216);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-0216\", \"CVE-2011-2834\", \"CVE-2011-3905\", \"CVE-2011-3919\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libxml2 library is a development toolbox providing the\nimplementation of various XML standards. One of those standards is the\nXML Path Language (XPath), which is a language for addressing parts of\nan XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XML files. A remote attacker\ncould provide a specially crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions.\nIf an attacker were able to supply a specially crafted XML file to an\napplication using libxml2, as well as an XPath expression for that\napplication to run against the crafted file, it could cause the\napplication to crash. (CVE-2011-2834)\n\nNote: Scientific Linux does not ship any applications that use libxml2\nin a way that would allow the CVE-2011-2834 flaw to be exploited;\nhowever, third-party applications may allow XPath expressions to be\npassed which could trigger this flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote\nattacker could provide a specially crafted XML file that, when opened\nin an application linked against libxml2, would cause the application\nto crash. (CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=445\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?940b98e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-debuginfo-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-devel-2.6.16-12.9\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libxml2-python-2.6.16-12.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:18", "bulletinFamily": "unix", "description": "[2.6.26-2.1.12.0.1.el5_7.2]\n- Add libxml2-enterprise.patch\n- Replaced docs/redhat.gif in tarball with updated image\n[2.6.26-2.1.12.el5_7.2]\n- Fix the semantic of XPath axis for namespace/attribute nodes CVE-2010-4008\n- Fix an off by one error in encoding CVE-2011-0216\n- Fix some potential problems on reallocation failures CVE-2011-1944\n- Fix missing error status in XPath evaluation CVE-2011-2834\n- Make sure the parser returns when getting a Stop order CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919.patch\n- Resolves: rhbz#771906", "modified": "2012-01-11T00:00:00", "published": "2012-01-11T00:00:00", "id": "ELSA-2012-0017", "href": "http://linux.oracle.com/errata/ELSA-2012-0017.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:44", "bulletinFamily": "unix", "description": "[2.6.16-12.9.0.1]\n- Add oracle-enterprise.patch and replace doc/redhat.gif in the tarball\n[2.6.16-12.9]\n- Fix an off by one error in encoding CVE-2011-0216\n- Fix missing error status in XPath evaluation CVE-2011-2834\n- Make sure the parser returns when getting a Stop order CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919\n- Resolves: rhbz#771904", "modified": "2012-01-11T00:00:00", "published": "2012-01-11T00:00:00", "id": "ELSA-2012-0016", "href": "http://linux.oracle.com/errata/ELSA-2012-0016.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:03", "bulletinFamily": "unix", "description": "[2.7.6-4.0.1.el6]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-4]\n- Fixes another XPath problem CVE-2011-2834\n- Resolves: rhbz#732335\n[2.7.6-3]\n- Fixes various other issues in 2.7.6 XPath evaluation\n- Resolves: rhbz#732335\n[2.7.6-2]\n- Fix a potential crasher in XPath or XSLT, CVE-2011-1944\n- Resolves: rhbz#710397", "modified": "2011-12-14T00:00:00", "published": "2011-12-14T00:00:00", "id": "ELSA-2011-1749", "href": "http://linux.oracle.com/errata/ELSA-2011-1749.html", "title": "libxml2 security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:40:00", "bulletinFamily": "unix", "description": "[2.7.6-6]\n- Synchronize patch-set with mainline-version.\n- Bump version to 5, 6.\n Related: rhbz#891477\n[2.7.6-4] \n- Change release number to 4.\n- Added patch libxml2-Fix-an-off-by-one-pointer-access.patch\n- Added patch libxml2-Fix-a-segfault-on-XSD-validation-on-pattern-error.patch\n- Added patch libxml2-Fix-entities-local-buffers-size-problems.patch\n- Added patch libxml2-gnome-bug-561340-fix.patch\n- Added patch for CVE-2012-0841\n- Added patch for CVE-2011-0216\n- Added patch for CVE-2011-2834\n- Added patch for CVE-2011-3919\n- Added patch for CVE-2011-1944\n- Added patch for CVE-2011-3905\n Related: rhbz#891477", "modified": "2013-01-31T00:00:00", "published": "2013-01-31T00:00:00", "id": "ELSA-2013-0217", "href": "http://linux.oracle.com/errata/ELSA-2013-0217.html", "title": "mingw32-libxml2 security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:22", "bulletinFamily": "unix", "description": "[2.7.6-4.0.1.el6_2.1]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-4.el6_2.1]\n- Make sure the parser returns when getting a Stop order CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919\n- Resolves: rhbz#771913", "modified": "2012-01-11T00:00:00", "published": "2012-01-11T00:00:00", "id": "ELSA-2012-0018", "href": "http://linux.oracle.com/errata/ELSA-2012-0018.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:41:11", "bulletinFamily": "unix", "description": "[2.7.6-8.0.1.el6_3.3 ]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.7.6-8.el6_3.3]\n- Change the XPath code to percolate allocation error (CVE-2011-1944)\n[2.7.6-8.el6_3.2]\n- Fix an off by one pointer access (CVE-2011-3102)\n[2.7.6-8.el6_3.1]\n- Fix a failure to report xmlreader parsing failures\n- Fix parser local buffers size problems (rhbz#843741)\n- Fix entities local buffers size problems (rhbz#843741)\n- Fix an error in previous commit (rhbz#843741)\n- Do not fetch external parsed entities\n- Impose a reasonable limit on attribute size (rhbz#843741)\n- Impose a reasonable limit on comment size (rhbz#843741)\n- Impose a reasonable limit on PI size (rhbz#843741)\n- Cleanups and new limit APIs for dictionaries (rhbz#843741)\n- Introduce some default parser limits (rhbz#843741)\n- Implement some default limits in the XPath module\n- Fixup limits parser (rhbz#843741)\n- Enforce XML_PARSER_EOF state handling through the parser\n- Avoid quadratic behaviour in some push parsing cases (rhbz#843741)\n- More avoid quadratic behaviour (rhbz#843741)\n- Strengthen behaviour of the push parser in problematic situations (rhbz#843741)\n- More fixups on the push parser behaviour (rhbz#843741)\n- Fix a segfault on XSD validation on pattern error\n- Fix an unimplemented part in RNG value validation\n[2.7.6-8.el6]\n- remove chunk in patch related to configure.in as it breaks rebuild\n- Resolves: rhbz#788846\n[2.7.6-7.el6]\n- fix previous build to force compilation of randomization code\n- Resolves: rhbz#788846\n[2.7.6-6.el6]\n- adds randomization to hash and dict structures CVE-2012-0841\n- Resolves: rhbz#788846\n[2.7.6-5.el6]\n- Make sure the parser returns when getting a Stop order CVE-2011-3905\n- Fix an allocation error when copying entities CVE-2011-3919\n- Resolves: rhbz#771910", "modified": "2012-09-18T00:00:00", "published": "2012-09-18T00:00:00", "id": "ELSA-2012-1288", "href": "http://linux.oracle.com/errata/ELSA-2012-1288.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0017\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nFlaws were found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2010-4008, CVE-2011-2834)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be\nexploited; however, third-party applications may allow XPath expressions to\nbe passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018371.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0017.html", "modified": "2012-01-11T14:19:14", "published": "2012-01-11T14:19:14", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018371.html", "id": "CESA-2012:0017", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:46:15", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0016\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-2834 flaw to be exploited; however, third-party\napplications may allow XPath expressions to be passed which could trigger\nthis flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018369.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0016.html", "modified": "2012-01-11T13:47:59", "published": "2012-01-11T13:47:59", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018369.html", "id": "CESA-2012:0016", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:07", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2013:0217\n\n\nThese packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows).\n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat's\ndiscretion and these packages may be removed in a future minor release.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019221.html\n\n**Affected packages:**\nmingw32-libxml2\nmingw32-libxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0217.html", "modified": "2013-02-01T00:53:30", "published": "2013-02-01T00:53:30", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019221.html", "id": "CESA-2013:0217", "title": "mingw32 security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0018\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/018374.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0018.html", "modified": "2012-01-11T15:05:02", "published": "2012-01-11T15:05:02", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/018374.html", "id": "CESA-2012:0018", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2017-09-19T13:37:08", "bulletinFamily": "NVD", "description": "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.", "modified": "2017-09-18T21:31:38", "published": "2010-11-16T20:00:02", "id": "CVE-2010-4008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4008", "title": "CVE-2010-4008", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:37:59", "bulletinFamily": "NVD", "description": "libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "modified": "2017-09-18T21:34:11", "published": "2011-12-13T16:55:01", "id": "CVE-2011-3905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3905", "title": "CVE-2011-3905", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:00", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "modified": "2017-09-18T21:34:15", "published": "2012-01-07T06:55:13", "id": "CVE-2011-3919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919", "title": "CVE-2011-3919", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:37:42", "bulletinFamily": "NVD", "description": "Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.", "modified": "2017-09-18T21:33:16", "published": "2011-09-19T08:02:55", "id": "CVE-2011-2834", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2834", "title": "CVE-2011-2834", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T14:54:25", "bulletinFamily": "NVD", "description": "Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.", "modified": "2013-02-06T23:40:19", "published": "2011-07-21T19:55:01", "id": "CVE-2011-0216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0216", "type": "cve", "title": "CVE-2011-0216", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T15:20:31", "bulletinFamily": "NVD", "description": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.", "modified": "2016-06-16T21:59:08", "published": "2011-09-02T12:55:03", "id": "CVE-2011-1944", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1944", "title": "CVE-2011-1944", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:32", "bulletinFamily": "unix", "description": "a. ESX third party update for Service Console kernel \nThe ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. \nThe Common Vulnerabilities and Exposures project ( [cve.mitre.org](<http://www.cve.mitre.org/>)) has assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to these issues. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "modified": "2012-09-13T00:00:00", "published": "2012-04-26T00:00:00", "id": "VMSA-2012-0008", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0008.html", "title": "VMware ESX updates to ESX Service Console", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T02:40:32", "bulletinFamily": "unix", "description": "a. ESXi update to third party component libxml2 \nThe libxml2 third party library has been updated which addresses multiple security issues. \nThe Common Vulnerabilities and Exposures project ([cve.mitre.org](<http://www.cve.mitre.org>)) has assigned the names CVE-2010-4008, CVE-2011-0216,CVE-2011-1944, CVE-2011-2834, CVE-2011-3905,CVE-2011-3919 and CVE-2012-0841 to these issues. \n\n", "modified": "2012-09-13T00:00:00", "published": "2012-07-12T00:00:00", "id": "VMSA-2012-0012", "href": "https://www.vmware.com/security/advisories/VMSA-2012-0012.html", "title": "VMware ESXi update to third party library", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:15:00", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2394-1 security@debian.org\nhttp://www.debian.org/security/ Luciano Bello\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 \n CVE-2011-3919 \nDebian Bug : 652352 643648 656377\n\nMany security problems had been fixed in libxml2, a popular library to handle\nXML data files.\n\nCVE-2011-3919:\nJ\u00c3\u00bcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.\n\nCVE-2011-0216:\nAn Off-by-one error have been discoveried that allows remote attackers to \nexecute arbitrary code or cause a denial of service. \n\nCVE-2011-2821:\nA memory corruption (double free) bug has been identified in libxml2&#x27;s XPath\nengine. Through it, it is possible to an attacker allows cause a denial of \nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).\n\nCVE-2011-2834:\nYang Dingning discovered a double free vulnerability related to XPath handling.\n\nCVE-2011-3905:\nAn out-of-bounds read vulnerability had been discovered, which allows remote\nattackers to cause a denial of service.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-26T23:06:08", "published": "2012-01-26T23:06:08", "id": "DEBIAN:DSA-2394-1:72A72", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00018.html", "title": "[SECURITY] [DSA 2394-1] libxml2 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:56", "bulletinFamily": "unix", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nA flaw was found in the way libxml2 parsed certain XPath expressions. If an\nattacker were able to supply a specially-crafted XML file to an application\nusing libxml2, as well as an XPath expression for that application to run\nagainst the crafted file, it could cause the application to crash.\n(CVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-2834 flaw to be exploited; however, third-party\napplications may allow XPath expressions to be passed which could trigger\nthis flaw.\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2017-09-08T12:17:23", "published": "2012-01-11T05:00:00", "id": "RHSA-2012:0016", "href": "https://access.redhat.com/errata/RHSA-2012:0016", "type": "redhat", "title": "(RHSA-2012:0016) Important: libxml2 security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:26", "bulletinFamily": "unix", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards. One of those standards is the XML Path Language\n(XPath), which is a language for addressing parts of an XML document.\n\nAn off-by-one error, leading to a heap-based buffer overflow, was found in\nthe way libxml2 parsed certain XML files. A remote attacker could provide\na specially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-0216)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath\nexpressions. If an attacker were able to supply a specially-crafted XML\nfile to an application using libxml2, as well as an XPath expression for\nthat application to run against the crafted file, it could cause the\napplication to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,\nCVE-2011-2834)\n\nNote: Red Hat does not ship any applications that use libxml2 in a way that\nwould allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,\nand CVE-2011-2834 flaws to be exploited; however, third-party applications\nmay allow XPath expressions to be passed which could trigger these flaws.\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nThis update also fixes the following bugs:\n\n* A number of patches have been applied to harden the XPath processing code\nin libxml2, such as fixing memory leaks, rounding errors, XPath numbers\nevaluations, and a potential error in encoding conversion. (BZ#732335)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:22", "published": "2011-12-06T05:00:00", "id": "RHSA-2011:1749", "href": "https://access.redhat.com/errata/RHSA-2011:1749", "type": "redhat", "title": "(RHSA-2011:1749) Low: libxml2 security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:57", "bulletinFamily": "unix", "description": "These packages provide the libxml2 library, a development toolbox providing\nthe implementation of various XML standards, for users of MinGW (Minimalist\nGNU for Windows).\n\nIMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no\nlonger be updated proactively and will be deprecated with the release of\nRed Hat Enterprise Linux 6.4. These packages were provided to support other\ncapabilities in Red Hat Enterprise Linux and were not intended for direct\ncustomer use. Customers are advised to not use these packages with\nimmediate effect. Future updates to these packages will be at Red Hat's\ndiscretion and these packages may be removed in a future minor release.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nA heap-based buffer underflow flaw was found in the way libxml2 decoded\ncertain entities. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2012-5134)\n\nIt was found that the hashing routine used by libxml2 arrays was\nsusceptible to predictable hash collisions. Sending a specially-crafted\nmessage to an XML service could result in longer processing time, which\ncould lead to a denial of service. To mitigate this issue, randomization\nhas been added to the hashing function to reduce the chance of an attacker\nsuccessfully causing intentional collisions. (CVE-2012-0841)\n\nMultiple flaws were found in the way libxml2 parsed certain XPath (XML Path\nLanguage) expressions. If an attacker were able to supply a\nspecially-crafted XML file to an application using libxml2, as well as an\nXPath expression for that application to run against the crafted file, it\ncould cause the application to crash. (CVE-2010-4008, CVE-2010-4494,\nCVE-2011-2821, CVE-2011-2834)\n\nTwo heap-based buffer overflow flaws were found in the way libxml2 decoded\ncertain XML files. A remote attacker could provide a specially-crafted XML\nfile that, when opened in an application linked against libxml2, would\ncause the application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application. (CVE-2011-0216,\nCVE-2011-3102)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libxml2 parsed certain XPath expressions. If an attacker\nwere able to supply a specially-crafted XML file to an application using\nlibxml2, as well as an XPath expression for that application to run against\nthe crafted file, it could cause the application to crash or, possibly,\nexecute arbitrary code. (CVE-2011-1944)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nRed Hat would like to thank the Google Security Team for reporting the\nCVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the\noriginal reporter of CVE-2010-4008.\n\nAll users of mingw32-libxml2 are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues.\n", "modified": "2018-06-06T20:13:30", "published": "2013-01-31T05:00:00", "id": "RHSA-2013:0217", "href": "https://access.redhat.com/errata/RHSA-2013:0217", "type": "redhat", "title": "(RHSA-2013:0217) Important: mingw32-libxml2 security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:50", "bulletinFamily": "unix", "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded\nentity references with long names. A remote attacker could provide a\nspecially-crafted XML file that, when opened in an application linked\nagainst libxml2, would cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2011-3919)\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker\ncould provide a specially-crafted XML file that, when opened in an\napplication linked against libxml2, would cause the application to crash.\n(CVE-2011-3905)\n\nAll users of libxml2 are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The desktop must\nbe restarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:33", "published": "2012-01-11T05:00:00", "id": "RHSA-2012:0018", "href": "https://access.redhat.com/errata/RHSA-2012:0018", "type": "redhat", "title": "(RHSA-2012:0018) Important: libxml2 security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:16", "bulletinFamily": "unix", "description": "It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216)\n\nIt was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834)\n\nIt was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905)\n\nIt was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919)", "modified": "2012-01-19T00:00:00", "published": "2012-01-19T00:00:00", "id": "USN-1334-1", "href": "https://usn.ubuntu.com/1334-1/", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:45", "bulletinFamily": "software", "description": "Buffer overflow, unallocated memory reference.", "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "SECURITYVULNS:VULN:12101", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12101", "title": "libxml library security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Multiple vulnerabilities related to XPath processing.", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11744", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11744", "title": "libxml2 memory corruption", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:30:16", "bulletinFamily": "unix", "description": "A heap-based buffer overflow during decoding of entity\n references with overly long names has been fixed.\n CVE-2011-3919 has been assigned.\n\n", "modified": "2012-01-19T20:08:14", "published": "2012-01-19T20:08:14", "id": "OPENSUSE-SU-2012:0107-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00047.html", "type": "suse", "title": "libxml2: fixing heap-based buffer overflow (CVE-2011-3919) (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "description": "### Background\n\nlibxml2 is the XML C parser and toolkit developed for the Gnome project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local or remote attacker may be able to execute arbitrary code with the privileges of the application or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.7.8-r3\"", "modified": "2011-10-26T00:00:00", "published": "2011-10-26T00:00:00", "id": "GLSA-201110-26", "href": "https://security.gentoo.org/glsa/201110-26", "type": "gentoo", "title": "libxml2: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:25", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2011-3919 __](<https://access.redhat.com/security/cve/CVE-2011-3919>))\n\nAn out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. ([CVE-2011-3905 __](<https://access.redhat.com/security/cve/CVE-2011-3905>))\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libxml2-devel-2.7.6-4.11.amzn1.i686 \n libxml2-static-2.7.6-4.11.amzn1.i686 \n libxml2-debuginfo-2.7.6-4.11.amzn1.i686 \n libxml2-python-2.7.6-4.11.amzn1.i686 \n libxml2-2.7.6-4.11.amzn1.i686 \n \n src: \n libxml2-2.7.6-4.11.amzn1.src \n \n x86_64: \n libxml2-2.7.6-4.11.amzn1.x86_64 \n libxml2-python-2.7.6-4.11.amzn1.x86_64 \n libxml2-devel-2.7.6-4.11.amzn1.x86_64 \n libxml2-debuginfo-2.7.6-4.11.amzn1.x86_64 \n libxml2-static-2.7.6-4.11.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T15:12:00", "published": "2014-09-14T15:12:00", "id": "ALAS-2012-036", "href": "https://alas.aws.amazon.com/ALAS-2012-36.html", "title": "Important: libxml2", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}