Detections
Analytics
Debian DSA-3057-1 : libxml2 - security update
medium Nessus Plugin ID 78694
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660 )In addition, this update addresses a misapplied chunk for a patch released in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak regression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.
Solution
Upgrade the libxml2 packages.For the stable distribution (wheezy), this problem has been fixed in version 2.8.0+dfsg1-7+wheezy2.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762864
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765770
https://security-tracker.debian.org/tracker/CVE-2014-3660
Plugin Details
Severity: Medium
ID: 78694
File Name: debian_DSA-3057.nasl
Version: 1.9
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 10/28/2014
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:libxml2, cpe:/o:debian:debian_linux:7.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 10/26/2014
Reference Information
CVE: CVE-2014-3660
BID: 70644
DSA: 3057