The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :

  - COS kernel
  - libxml2

The remote VMware ESX / ESXi host is affected by multiple vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in     the bundled libxml2 library in the     xmlXPathNextPrecedingSibling(), xmlNodePtr(), and     xmlXPathNextPrecedingInternal() functions due to     improper processing of namespaces and attributes nodes.
    A remote attacker can exploit these, via a specially     crafted XML file, to cause a denial of service condition     or the execution of arbitrary code. (CVE-2010-4008)

  - Multiple remote code execution vulnerabilities exist in     the bundled libxml2 library in the     xmlCharEncFirstLineInt() and xmlCharEncInFunc()     functions due to an off-by-one overflow condition. A     remote attacker can exploit these, via a specially     crafted XML file, to cause a denial of service condition     or the execution of arbitrary code. (CVE-2011-0216)

  - A remote code execution vulnerability exists in the     bundled libxml2 library due to improper sanitization of     user-supplied input when processing an XPath nodeset. A     remote attacker can exploit this, via a specially     crafted request, to cause a heap-based buffer overflow,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2011-1944)

  - A remote code execution vulnerability exists in the     bundled libxml2 library in the xmlXPathCompOpEval()     function due to improper processing of invalid XPath     expressions. A remote attacker can exploit this, via a     specially crafted XSLT stylesheet, to cause a denial of     service condition or the execution of arbitrary code.     (CVE-2011-2834)

  - A denial of service vulnerability exists in the bundled     libxml2 library due to multiple out-of-bounds read     errors in parser.c that occur when getting a Stop order.
    A remote attacker can exploit this, via a specially     crafted XML document, to cause a denial of service     condition. (CVE-2011-3905)

  - A remote code execution vulnerability exists in the     bundled libxml2 library in the     xmlStringLenDecodeEntities() function in parser.c due     to an overflow condition that occurs when copying     entities. A remote attacker can exploit this, via a     specially crafted request, to cause a heap-based buffer     overflow, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2011-3919)

  - A denial of service vulnerability exists in the bundled     libxml2 library due to improper processing of crafted     parameters. A remote attacker can exploit this to cause     a hash collision, resulting in a denial of service     condition. (CVE-2012-0841)

The remote Solaris system is missing necessary patches to address security updates :

  - Off-by-one error in libxml in Apple Safari before 5.0.6     allows remote attackers to execute arbitrary code or     cause a denial of service (heap-based buffer overflow     and application crash) via a crafted web site.
    (CVE-2011-0216)

  - Double free vulnerability in libxml2, as used in Google     Chrome before 13.0.782.215, allows remote attackers to     cause a denial of service or possibly have unspecified     other impact via a crafted XPath expression.
    (CVE-2011-2821)

  - Double free vulnerability in libxml2, as used in Google     Chrome before 14.0.835.163, allows remote attackers to     cause a denial of service or possibly have unspecified     other impact via vectors related to XPath handling.
    (CVE-2011-2834)

  - Off-by-one error in libxml2, as used in Google Chrome     before 19.0.1084.46 and other products, allows remote     attackers to cause a denial of service (out-of-bounds     write) or possibly have unspecified other impact via     unknown vectors. (CVE-2011-3102)

  - libxml2, as used in Google Chrome before 16.0.912.63,     allows remote attackers to cause a denial of service     (out-of-bounds read) via unspecified vectors.
    (CVE-2011-3905)

  - Heap-based buffer overflow in libxml2, as used in Google     Chrome before 16.0.912.75, allows remote attackers to     cause a denial of service or possibly have unspecified     other impact via unknown vectors. (CVE-2011-3919)

  - libxml2 before 2.8.0 computes hash values without     restricting the ability to trigger hash collisions     predictably, which allows context-dependent attackers to     cause a denial of service (CPU consumption) via crafted     XML data. (CVE-2012-0841)

An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)

A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs.
Documentation of these changes will be available shortly in the Technical Notes document :

https://docs.redhat.com/docs/en-US/ Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes / index.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.

Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834).

The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities :

  - Errors exist in the Libxml2 library functions     'xmlXPathNextPrecedingSibling', 'xmlNodePtr' and     'xmlXPathNextPrecedingInternal' that could allow     denial of service attacks or arbitrary code execution.
    (CVE-2010-4008)

  - Buffer overflow errors exist in the libxml2 library     functions 'xmlCharEncFirstLineInt' and     'xmlCharEncInFunc' that could allow denial of service     attacks or arbitrary code execution. (CVE-2011-0216)

  - A buffer overflow error exists in the libxml2 library     file 'xpath.c' related to handling 'XPath' nodesets that     could allow denial of service attacks or arbitrary code     execution. (CVE-2011-1944)

  - A double-free error exists in the libxml2 library     function 'xmlXPathCompOpEval' related to handling     invalid 'XPath' expressions that could allow denial of     service attacks or arbitrary code execution.
    (CVE-2011-2834)

  - An out-of-bounds read error exists in the libxml2     library file 'parser.c' related to handling 'Stop'     orders that could allow denial of service attacks.
    (CVE-2011-3905)

  - A buffer overflow error exists in the libxml2 library     function 'xmlStringLenDecodeEntities' related to     copying entities that could allow denial of service     attacks or arbitrary code execution. (CVE-2011-3919)

  - An error exists in the libxml2 library related to hash     collisions that could allow denial of service attacks.
    (CVE-2012-0841)

From Red Hat Security Advisory 2013:0217 :

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions.
(CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

From Red Hat Security Advisory 2012:0017 :

Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

From Red Hat Security Advisory 2012:0016 :

Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

A flaw was found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use.
You are advised to not use these packages with immediate effect.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions.
(CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions.
(CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities :

  - An uninitialized memory access issue in the handling of     Sorenson encoded movie files could lead to arbitrary     code execution. (CVE-2012-3722)

  - Following the DNAv4 protocol, the device may broadcast     MAC addresses of previously accessed networks when     connecting to a Wi-Fi network. (CVE-2012-3725)

  - A buffer overflow in libtiff's handling of ThunderScan     encoded TIFF images could lead to arbitrary code     execution. (CVE-2011-1167)

  - Multiple memory corruption issues in libpng's handling     of PNG images could lead to arbitrary code execution.
    (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328)

  - A double free issue in ImageIO's handling of JPEG     images could lead to arbitrary code execution.
    (CVE-2012-3726)

  - An integer overflow issue in libTIFF's handling of TIFF     images could lead to arbitrary code execution.
    (CVE-2012-1173)

  - A stack-based buffer overflow in the handling of ICU     locale IDs could lead to arbitrary code execution.
    (CVE-2011-4599)

  - Multiple vulnerabilities in libxml could have a variety     of impacts, including arbitrary code execution.
    (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 /     CVE-2011-3919)

  - Multiple memory corruption issues in JavaScriptCore     could lead to arbitrary code execution.
    (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 /     CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 /     CVE-2012-3678 / CVE-2012-3679)

lot of security bug fixes Lots of security patches

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Lot of security fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The mobile device is running a version of iOS that is older than version 6.0.  Version 6.0 contains numerous security-related fixes for the following vulnerabilities :

  - Numerous memory errors exist related to handling     'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that could     allow arbitrary code execution. (CVE-2011-1167,     CVE-2011-3026, CVE-2011-3048, CVE-2011-3328,     CVE-2012-1173, CVE-2012-3726)

  - Several issues exist related to 'CoreGraphics' and     'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128,     CVE-2012-1129, CVE-2012-1130, CVE-2012-1131,     CVE-2012-1132, CVE-2012-1133, CVE-2012-1134,     CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,     CVE-2012-1138, CVE-2012-1139, CVE-2012-1140,     CVE-2012-1141, CVE-2012-1142, CVE-2012-1143,     CVE-2012-1144)

  - Numerous issues exist related to libxml and could lead     to application crashes or arbitrary code execution.
    (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834,     CVE-2011-3919)

  - A stack-based buffer overflow exists related to 'locale     ID' and 'International Components for Unicode' (ICU).
    (CVE-2011-4599)

  - An unitialized memory access issue exists related to     'Sorenson' encoded movie files and 'CoreMedia'.
    (CVE-2012-3722)

  - An URL handling issue exists related to 'CFNetwork'     that can disclose sensitive information. (CVE-2012-3724)

  - The 'DNAv4' protocol discloses sensitive information     when connecting to unencrypted WiFi networks.
    (CVE-2012-3725)

  - A buffer overflow error exists related to 'IPSec' and     'racoon' configuration files. (CVE-2012-3727)

  - An invalid pointer dereference error exists related to     the kernel and packet filter ioctls. (CVE-2012-3728)

  - An uninitialized memory access error exists related to     the kernel and the Berkeley Packet Filter interpreter.
    (CVE-2012-3729)

  - Several issues exist related to 'Mail' and the handling     of attachments and 'S/MIME' signed messages.
    (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)

  - Information disclosure issues exist related to     'Messages', 'Office Viewer', system logs, and 'UIKit'.
    (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743,     CVE-2012-3746)

  - Memory corruption errors exist related to 'OpenGL'.
    (CVE-2011-3457)

  - Numerous errors exist related to 'Passcode Lock'.
    (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737,     CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)

  - An error exists in 'Restrictions' that could allow     unauthorized purchases. (CVE-2012-3741)

  - Errors exist in 'Safari' that are related to misleading     URL characters and password auto complete.
    (CVE-2012-3742, CVE-2012-0680)

  - A buffer overflow error exists related to 'Telephony'     and SMS handling. (CVE-2012-3745)

  - Many errors exist related to the bundled 'WebKit'     components. (CVE-2011-2845, CVE-2011-3016,     CVE-2011-3021, CVE-2011-3027, CVE-2011-3032,     CVE-2011-3034, CVE-2011-3035, CVE-2011-3036,     CVE-2011-3037, CVE-2011-3038, CVE-2011-3039,     CVE-2011-3040, CVE-2011-3041, CVE-2011-3042,     CVE-2011-3043, CVE-2011-3044, CVE-2011-3050,     CVE-2011-3053, CVE-2011-3059, CVE-2011-3060,     CVE-2011-3064, CVE-2011-3067, CVE-2011-3068,     CVE-2011-3069, CVE-2011-3071, CVE-2011-3073,     CVE-2011-3074, CVE-2011-3075, CVE-2011-3076,     CVE-2011-3078, CVE-2011-3081, CVE-2011-3086,     CVE-2011-3089, CVE-2011-3090, CVE-2011-3105,     CVE-2011-3913, CVE-2011-3924, CVE-2011-3926,     CVE-2011-3958, CVE-2011-3966, CVE-2011-3968,     CVE-2011-3969, CVE-2011-3971, CVE-2012-0682,     CVE-2012-0683, CVE-2012-1520, CVE-2012-1521,     CVE-2012-2815, CVE-2012-2818, CVE-2012-3589,     CVE-2012-3590, CVE-2012-3591, CVE-2012-3592,     CVE-2012-3593, CVE-2012-3594, CVE-2012-3595,     CVE-2012-3596, CVE-2012-3597, CVE-2012-3598,     CVE-2012-3599, CVE-2012-3600, CVE-2012-3601,     CVE-2012-3602, CVE-2012-3603, CVE-2012-3604,     CVE-2012-3605, CVE-2012-3608, CVE-2012-3609,     CVE-2012-3610, CVE-2012-3611, CVE-2012-3612,     CVE-2012-3613, CVE-2012-3614, CVE-2012-3615,     CVE-2012-3617, CVE-2012-3618, CVE-2012-3620,     CVE-2012-3624, CVE-2012-3625, CVE-2012-3626,     CVE-2012-3627, CVE-2012-3628, CVE-2012-3629,     CVE-2012-3630, CVE-2012-3631, CVE-2012-3633,     CVE-2012-3634, CVE-2012-3635, CVE-2012-3636,     CVE-2012-3637, CVE-2012-3638, CVE-2012-3639,     CVE-2012-3640, CVE-2012-3641, CVE-2012-3642,     CVE-2012-3644, CVE-2012-3645, CVE-2012-3646,     CVE-2012-3647, CVE-2012-3648, CVE-2012-3650,     CVE-2012-3651, CVE-2012-3652, CVE-2012-3653,     CVE-2012-3655, CVE-2012-3656, CVE-2012-3658,     CVE-2012-3659, CVE-2012-3660, CVE-2012-3661,     CVE-2012-3663, CVE-2012-3664, CVE-2012-3665,     CVE-2012-3666, CVE-2012-3667, CVE-2012-3668,     CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,     CVE-2012-3672, CVE-2012-3673, CVE-2012-3674,     CVE-2012-3676, CVE-2012-3677, CVE-2012-3678,     CVE-2012-3679, CVE-2012-3680, CVE-2012-3681,     CVE-2012-3682, CVE-2012-3683, CVE-2012-3684,     CVE-2012-3686, CVE-2012-3691, CVE-2012-3693,     CVE-2012-3695, CVE-2012-3696, CVE-2012-3703,     CVE-2012-3704, CVE-2012-3706, CVE-2012-3708,     CVE-2012-3710, CVE-2012-3747)

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS prior to 6.0 are exposed to the following vulnerabilities :

  - Numerous memory errors exist related to handling 'TIFF', 'PNG' and 'JPEG' images and 'ImageIO' that can allow arbitrary code execution. (CVE-2011-1167, CVE-2011-3026, CVE-2011-3048, CVE-2011-3328, CVE-2012-1173, CVE-2012-3726)

  - Several issues exist related to 'CoreGraphics' and 'FreeType' (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144)

  - Numerous issues exist related to libxml and can lead to application crashes or arbitrary code execution. (CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919)

  - A stack-based buffer overflow exists related to 'locale ID' and 'International Components for Unicode' (ICU). (CVE-2011-4599)

  - An unitialized memory access issue exists related to 'Sorenson' encoded movie files and 'CoreMedia'. (CVE-2012-3722)

  - An URL handling issue exists related to 'CFNetwork' that can disclose sensitive information. (CVE-2012-3724)

  - The 'DNAv4' protocol discloses sensitive information when connecting to unencrypted Wi-Fi networks. (CVE-2012-3725)

  - A buffer overflow error exists related to 'IPSec' and 'racoon' configuration files. (CVE-2012-3727)

  - An invalid pointer dereference error exists related to the kernel and packet filter ioctls. (CVE-2012-3728)

  - An uninitialized memory access error exists related to the kernel and the Berkeley Packet Filter interpreter. (CVE-2012-3729)

  - Several issues exist related to 'Mail' and the handling of attachments and 'S/MIME' signed messages. (CVE-2012-3730, CVE-2012-3731, CVE-2012-3732)

  - Information disclosure issues exist related to 'Messages', 'Office Viewer', system logs, and 'UIKit'. (CVE-2012-3733, CVE-2012-3734, CVE-2012-3743, CVE-2012-3746)

  - Memory corruption errors exist related to 'OpenGL'. (CVE-2011-3457)

  - Numerous errors exist related to 'Passcode Lock'. (CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740)

  - An error exists in 'Restrictions' that can allow unauthorized purchases. (CVE-2012-3741)

  - Errors exist in 'Safari' that are related to misleading URL characters and password auto complete. (CVE-2012-3742, CVE-2012-0680)

  - A buffer overflow error exists related to 'Telephony' and SMS handling. (CVE-2012-3745)

  - Many errors exist related to the bundled 'WebKit' components. (CVE-2011-2845, CVE-2011-3016, CVE-2011-3021, CVE-2011-3027, CVE-2011-3032, CVE-2011-3034, CVE-2011-3035, CVE-2011-3036, CVE-2011-3037, CVE-2011-3038, CVE-2011-3039, CVE-2011-3040, CVE-2011-3041, CVE-2011-3042, CVE-2011-3043, CVE-2011-3044, CVE-2011-3050, CVE-2011-3053, CVE-2011-3059, CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3068, CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076, CVE-2011-3078, CVE-2011-3081, CVE-2011-3086, CVE-2011-3089, CVE-2011-3090, CVE-2011-3105, CVE-2011-3913, CVE-2011-3924, CVE-2011-3926, CVE-2011-3958, CVE-2011-3966, CVE-2011-3968, CVE-2011-3969, CVE-2011-3971, CVE-2012-0682, CVE-2012-0683, CVE-2012-1520, CVE-2012-1521, CVE-2012-2815, CVE-2012-2818, CVE-2012-3589, CVE-2012-3590, CVE-2012-3591, CVE-2012-3592, CVE-2012-3593, CVE-2012-3594, CVE-2012-3595, CVE-2012-3596, CVE-2012-3597, CVE-2012-3598, CVE-2012-3599, CVE-2012-3600, CVE-2012-3601, CVE-2012-3602, CVE-2012-3603, CVE-2012-3604, CVE-2012-3605, CVE-2012-3608, CVE-2012-3609, CVE-2012-3610, CVE-2012-3611, CVE-2012-3612, CVE-2012-3613, CVE-2012-3614, CVE-2012-3615, CVE-2012-3617, CVE-2012-3618, CVE-2012-3620, CVE-2012-3624, CVE-2012-3625, CVE-2012-3626, CVE-2012-3627, CVE-2012-3628, CVE-2012-3629, CVE-2012-3630, CVE-2012-3631, CVE-2012-3633, CVE-2012-3634, CVE-2012-3635, CVE-2012-3636, CVE-2012-3637, CVE-2012-3638, CVE-2012-3639, CVE-2012-3640, CVE-2012-3641, CVE-2012-3642, CVE-2012-3644, CVE-2012-3645, CVE-2012-3646, CVE-2012-3647, CVE-2012-3648, CVE-2012-3650, CVE-2012-3651, CVE-2012-3652, CVE-2012-3653, CVE-2012-3655, CVE-2012-3656, CVE-2012-3658, CVE-2012-3659, CVE-2012-3660, CVE-2012-3661, CVE-2012-3663, CVE-2012-3664, CVE-2012-3665, CVE-2012-3666, CVE-2012-3667, CVE-2012-3668, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671, CVE-2012-3672, CVE-2012-3673, CVE-2012-3674, CVE-2012-3676, CVE-2012-3677, CVE-2012-3678, CVE-2012-3679, CVE-2012-3680, CVE-2012-3681, CVE-2012-3682, CVE-2012-3683, CVE-2012-3684, CVE-2012-3686, CVE-2012-3691, CVE-2012-3693, CVE-2012-3695, CVE-2012-3696, CVE-2012-3703, CVE-2012-3704, CVE-2012-3706, CVE-2012-3708, CVE-2012-3710, CVE-2012-3747)

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Note: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

A flaw was found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)

Note: Scientific Linux does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited;
however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Note: Scientific Linux generally does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

This update also fixes the following bugs :

  - A number of patches have been applied to harden the     XPath processing code in libxml2, such as fixing memory     leaks, rounding errors, XPath numbers evaluations, and a     potential error in encoding conversion.

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

a. ESXi update to third-party component libxml2

   The libxml2 third-party library has been updated which addresses    multiple security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)    has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944,    CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to    these issues.

According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.1.1 and is, therefore, reportedly affected by the following vulnerabilities :

  - The bundled version of the libxml2 library contains     multiple vulnerabilities. (CVE-2011-1944, CVE-2011-2821,     CVE-2011-2834)

  - The bundled version of PHP contains multiple     vulnerabilities. (CVE-2011-3379, CVE-2011-4153,     CVE-2011-4885, CVE-2012-1823, CVE-2012-0057,     CVE-2012-0830)

  - The bundled version of the Apache HTTP Server contains     multiple vulnerabilities. (CVE-2011-3607, CVE-2011-4317,     CVE-2011-4415, CVE-2012-0021, CVE-2012-0031,     CVE-2012-0053)

  - An issue exists in the 'include/iniset.php' script in     the embedded RoundCube Webmail version that could lead     to a denial of service. (CVE-2011-4078)

  - The bundled version of OpenSSL contains multiple     vulnerabilities. (CVE-2011-4108, CVE-2011-4576,     CVE-2011-4577, CVE-2011-4619, CVE-2012-0027,     CVE-2012-1165)

  - The bundled version of curl and libcurl does not     properly consider special characters during extraction     of a pathname from a URL. (CVE-2012-0036)     
  - An off autocomplete attribute does not exist for     unspecified form fields, which makes it easier for     remote attackers to obtain access by leveraging an     unattended workstation. (CVE-2012-2012)

  - An unspecified vulnerability exists that could allow a     remote attacker to cause a denial of service, or     possibly obtain sensitive information or modify data.
    (CVE-2012-2013)

  - An unspecified vulnerability exists related to improper     input validation. (CVE-2012-2014)

  - An unspecified vulnerability allows remote,     unauthenticated users to gain privileges and obtain     sensitive information. (CVE-2012-2015)

  - An unspecified vulnerability allows local users to     obtain sensitive information via unknown vectors.
    (CVE-2012-2016)

The remote host is running a version of Mac OS X 10.7 that is older than version 10.7.4.  The newer version contains numerous security-related fixes for the following components :

  - Login Windows
  - Bluetooth
  - curl
  - HFS
  - Kernel
  - libarchive
  - libsecurity
  - libxml
  - LoginUIFramework
  - PHP
  - Quartz Composer
  - QuickTime
  - Ruby
  - Security Framework
  - Time Machine
  - X11

The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components :

  - curl
  - Directory Service
  - ImageIO
  - libarchive
  - libsecurity
  - libxml
  - Quartz Composer
  - QuickTime
  - Ruby
  - Samba
  - Security Framework

The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components :

  - Login Window
  - Bluetooth
  - curl
  - HFS
  - Kernel
  - libarchive
  - libsecurity
  - libxml
  - LoginUIFramework
  - PHP
  - Quartz Composer
  - QuickTime
  - Ruby
  - Security Framework
  - Time Machine
  - X11

Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7.

a. ESX third-party update for Service Console kernel

   The ESX Service Console Operating System (COS) kernel is updated    which addresses several security issues in the COS kernel.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has    assigned the names CVE-2011-3191, CVE-2011-4348 and CVE-2012-0028 to    these issues.

b. Updated ESX Service Console package libxml2

   The ESX Console Operating System (COS) libxml2 rpms are updated to    the following versions libxml2-2.6.26-2.1.12.el5_7.2 and    libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several    security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has    assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944,    CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 to these issues.

Many security problems have been fixed in libxml2, a popular library to handle XML data files.

  - CVE-2011-3919 :
    Juri Aedla discovered a heap-based buffer overflow that     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via unknown     vectors.

  - CVE-2011-0216 :
    An Off-by-one error have been discovered that allows     remote attackers to execute arbitrary code or cause a     denial of service.

  - CVE-2011-2821 :
    A memory corruption (double free) bug has been     identified in libxml2's XPath engine. Through it, it is     possible for an attacker to cause a denial of service or     possibly have unspecified other impact. This     vulnerability does not affect the oldstable distribution     (lenny).

  - CVE-2011-2834 :
    Yang Dingning discovered a double free vulnerability     related to XPath handling.

  - CVE-2011-3905 :
    An out-of-bounds read vulnerability had been discovered,     which allows remote attackers to cause a denial of     service.

It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216)

It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834)

It was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905)

It was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
(CVE-2011-3919).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Specially crafted XPath expressions could have allowed attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821 / CVE-2011-2834). This has been fixed.

Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

A flaw was found in the way libxml2 parsed certain XPath expressions.
If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-2834 flaw to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger this flaw.

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document.

An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code.
(CVE-2011-1944)

Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

This update also fixes the following bugs :

* A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion.
(BZ#732335)

All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

The remote host is affected by the vulnerability described in GLSA-201111-01 (Chromium, V8: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and V8. Please       review the CVE identifiers and release notes referenced below for       details.
  Impact :

    A local attacker could gain root privileges (CVE-2011-1444, fixed in       chromium-11.0.696.57).
    A context-dependent attacker could entice a user to open a specially       crafted website or JavaScript program using Chromium or V8, possibly       resulting in the execution of arbitrary code with the privileges of the       process, or a Denial of Service condition. The attacker also could obtain       cookies and other sensitive information, conduct man-in-the-middle       attacks, perform address bar spoofing, bypass the same origin policy,       perform Cross-Site Scripting attacks, or bypass pop-up blocks.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-201110-26 (libxml2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libxml2. Please review       the CVE identifiers referenced below for details.
  Impact :

    A local or remote attacker may be able to execute arbitrary code with       the privileges of the application or cause a Denial of Service.
  Workaround :

    There is no known workaround at this time.

Double free vulnerabilities in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling (CVE-2011-2821, CVE-2011-2834).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

The updated packages have been patched to correct these issues.

Versions of Google Chrome earlier than 14.0.835.163 are affected by multiple vulnerabilities : 

  - A race condition exists related to the certificate cache. (Issue 49377)

  - The Windows Media Player plugin allows click-free access to the system Flash. (Issue 51464)
  - PIC / pie compiler lags are not used. (Linux only)(Issue 57908)
 - MIME types are not treated authoritatively at plugin load time. (Issue 75070)
  - An unspecified error allows V8 script object wrappers to crash. (Issue 76771)
  - The included PDF functionality contains a garbage collection error. (Issue 78639)
  - The Mac installer insecurely handles lock files. (Mac only)(Issue 80680)  - Out-of-bounds read issues exist related to media buffers, mp3 files, box handling, Khmer characters, video handling, Tibetan characters, and triangle arrays. (Issues 82438, 85041, 89991, 90134, 90173, 95563, 95625)
  - An unspecified error allows data displayed in the URL to be spoofed. (Issue 83031)
  - Use-after-free error exist related to unload event handling, the document loader, plugin handling, ruby table style handling, and the focus controller. (Issues 89219, 89330, 91197, 92651, 94800, 93420, 93587)
  - The URL bar can be spoofed in an unspecified manner related to the forward button. (Issue 89564)
  - A NULL pointer error exists related to WebSockets. Issue 89795)
  An off-by-one error exists related to the V8 JavaScript engine. (Issue 91120)
  - A stale node error exists related to CSS stylesheet handling. (Issue 92959)
  - A cross-origin bypass error exists related to the V8 JavaScript engine. (Issue 93416)
  - A double-free error exists related to XPath handling in libxml. (Issue 93472)
  - Incorrect permissions are assigned to non-gallery pages. (Issue 93497)
  - An improper string read occurs in the included PDF functionality. (Issue 93596)
  - An unspecified error allows unintended access to objects build in to the V8 JavaScript engine. (Issue 93906)
  - Self-signed certificates are not pinned properly. (Issue 95917)
  - A variable-type confusion issue exists in the V8 JavaScript engine related to object sealing. (Issue 95920)

The version of Google Chrome installed on the remote host is earlier than 14.0.835.163 and is affected by multiple vulnerabilities:

  - A race condition exists related to the certificate     cache. (Issue #49377)

  - The Windows Media Player plugin allows click-free     access to the system Flash. (Issue #51464)

  - MIME types are not treated authoritatively at plugin     load time. (Issue #75070)

  - An unspecified error allows V8 script object wrappers     to crash. (Issue #76771)

  - The included PDF functionality contains a garbage     collection error. (Issue #78639)

  - Out-of-bounds read issues exist related to media     buffers, mp3 files, box handling, Khmer characters,     video handling, Tibetan characters, and triangle     arrays. (Issues #82438, #85041, #89991, #90134, #90173,     #95563, #95625)

  - An unspecified error allows data displayed in the URL     to be spoofed. (Issue #83031)

  - Use-after-free errors exist related to unload event     handling, the document loader, plugin handling, ruby,     table style handling, and the focus controller.
    (Issues #89219, #89330, #91197, #92651, #94800, #93420,     #93587)

  - The URL bar can be spoofed in an unspecified manner     related to the forward button. (Issue #89564)

  - An NULL pointer error exists related to WebSockets.
    (Issue #89795)

  - An off-by-one error exists related to the V8 JavaScript     engine. (Issue #91120)

  - A stale node error exists related to CSS stylesheet     handling. (Issue #92959)

  - A cross-origin bypass error exists related to the V8     JavaScript engine. (Issue #93416)

  - A double-free error exists related to XPath handling     in libxml. (Issue #93472)

  - Incorrect permissions are assigned to non-gallery     pages. (Issue #93497)

  - An improper string read occurs in the included PDF     functionality. (Issue #93596)

  - An unspecified error allows unintended access to     objects built in to the V8 JavaScript engine.
    (Issue #93906)

  - Self-signed certificates are not pinned properly.
    (Issue #95917)

  - A variable-type confusion issue exists in the V8     JavaScript engine related to object sealing.
    (Issue #95920)

CVE-2011-2834 is not available