Detections
Analytics

OracleVM 3.3 : libxml2 (OVMSA-2015-0152)

high Nessus Plugin ID 87232

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Update doc/redhat.gif in tarball

 - Add libxml2-oracle-enterprise.patch and update logos in tarball

 - Fix a series of CVEs (rhbz#1286495)

 - CVE-2015-7941 Cleanup conditional section error handling

 - CVE-2015-8317 Fail parsing early on if encoding conversion failed

 - CVE-2015-7942 Another variation of overflow in Conditional sections

 - CVE-2015-7942 Fix an error in previous Conditional section patch

 - Fix parsing short unclosed comment uninitialized access

 - CVE-2015-7498 Avoid processing entities after encoding conversion failures

 - CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey

 - CVE-2015-5312 Another entity expansion issue

 - CVE-2015-7499 Add xmlHaltParser to stop the parser

 - CVE-2015-7499 Detect incoherency on GROW

 - CVE-2015-7500 Fix memory access error due to incorrect entities boundaries

 - CVE-2015-8242 Buffer overead with HTML parser in push mode

 - Libxml violates the zlib interface and crashes

Solution

Update the affected libxml2 / libxml2-python packages.

See Also

http://www.nessus.org/u?1268d569

Plugin Details

Severity: High

ID: 87232

File Name: oraclevm_OVMSA-2015-0152.nasl

Version: 2.8

Type: local

Published: 12/8/2015

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:libxml2-python, p-cpe:/a:oracle:vm:libxml2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/7/2015

Vulnerability Publication Date: 11/18/2015

Reference Information

CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8242, CVE-2015-8317