RHEL 6 : libxml2 (RHSA-2015:2549)

critical Nessus Plugin ID 87233

Synopsis

The remote Red Hat host is missing one or more security updates for libxml2.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2549 advisory.

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)

Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.

All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL libxml2 package based on the guidance in RHSA-2015:2549.

See Also

http://www.nessus.org/u?622ffe92

https://access.redhat.com/errata/RHSA-2015:2549

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1213957

https://bugzilla.redhat.com/show_bug.cgi?id=1274222

https://bugzilla.redhat.com/show_bug.cgi?id=1276297

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

https://bugzilla.redhat.com/show_bug.cgi?id=1281862

https://bugzilla.redhat.com/show_bug.cgi?id=1281879

https://bugzilla.redhat.com/show_bug.cgi?id=1281925

https://bugzilla.redhat.com/show_bug.cgi?id=1281930

https://bugzilla.redhat.com/show_bug.cgi?id=1281936

https://bugzilla.redhat.com/show_bug.cgi?id=1281943

https://bugzilla.redhat.com/show_bug.cgi?id=1281950

https://bugzilla.redhat.com/show_bug.cgi?id=1281955

Plugin Details

Severity: Critical

ID: 87233

File Name: redhat-RHSA-2015-2549.nasl

Version: 2.16

Type: local

Agent: unix

Published: 12/8/2015

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2015-8710

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:libxml2-static, p-cpe:/a:redhat:enterprise_linux:libxml2-devel, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:libxml2, p-cpe:/a:redhat:enterprise_linux:libxml2-python

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/7/2015

Vulnerability Publication Date: 11/18/2015

Reference Information

CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710

CWE: 119, 122, 125

RHSA: 2015:2549