openSUSE Security Update : libxml2 (openSUSE-2016-32)

high Nessus Plugin ID 88122

Synopsis

The remote openSUSE host is missing a security update.

Description

- security update: This update fixes the following security issues :

- CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]

- CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]

- CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]

- CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]

- CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]

- CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]

- CVE-2015-5312 Fix another entity expansion issue [bnc#957105]

- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]

- CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]

- CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]

- CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]

- CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]

- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected libxml2 packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=928193

https://bugzilla.opensuse.org/show_bug.cgi?id=951734

https://bugzilla.opensuse.org/show_bug.cgi?id=951735

https://bugzilla.opensuse.org/show_bug.cgi?id=954429

https://bugzilla.opensuse.org/show_bug.cgi?id=956018

https://bugzilla.opensuse.org/show_bug.cgi?id=956021

https://bugzilla.opensuse.org/show_bug.cgi?id=956260

https://bugzilla.opensuse.org/show_bug.cgi?id=957105

https://bugzilla.opensuse.org/show_bug.cgi?id=957106

https://bugzilla.opensuse.org/show_bug.cgi?id=957107

https://bugzilla.opensuse.org/show_bug.cgi?id=957109

https://bugzilla.opensuse.org/show_bug.cgi?id=957110

Plugin Details

Severity: High

ID: 88122

File Name: openSUSE-2016-32.nasl

Version: 2.5

Type: local

Agent: unix

Published: 1/25/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libxml2-tools, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:libxml2-devel-32bit, p-cpe:/a:novell:opensuse:libxml2-2-32bit, p-cpe:/a:novell:opensuse:libxml2-debugsource, p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit, p-cpe:/a:novell:opensuse:python-libxml2-debugsource, p-cpe:/a:novell:opensuse:python-libxml2, p-cpe:/a:novell:opensuse:libxml2-2, p-cpe:/a:novell:opensuse:libxml2-2-debuginfo, p-cpe:/a:novell:opensuse:libxml2-devel, p-cpe:/a:novell:opensuse:python-libxml2-debuginfo, p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 1/13/2016

Reference Information

CVE: CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317