VMSA-2012-0012 : VMware ESXi update to third-party library

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is missing a security-related patch.

Description :

a. ESXi update to third-party component libxml2

The libxml2 third-party library has been updated which addresses
multiple security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944,
CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to
these issues.

See also :

http://lists.vmware.com/pipermail/security-announce/2012/000190.html

Solution :

Apply the missing patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true