The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to     cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value,     related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. (CVE-2016-4483)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c     in libxml2 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and application     crash) via a non-UTF-8 attribute value, related to     serialization. NOTE: this vulnerability may be a     duplicate of CVE-2016-3627.(CVE-2016-4483)

  - xmlParseBalancedChunkMemoryRecover in parser.c in     libxml2 before 2.9.10 has a memory leak related to     newDoc->oldNs.(CVE-2019-19956)

  - dict.c in libxml2 allows remote attackers to cause a     denial of service (heap-based buffer over-read and     application crash) via an unexpected character     immediately after the '<!DOCTYPE html' substring in a     crafted HTML document.(CVE-2015-8806)

  - ** DISPUTED ** libxml2 2.9.4, when used in recover     mode, allows remote attackers to cause a denial of     service (NULL pointer dereference) via a crafted XML     document. NOTE: The maintainer states 'I would disagree     of a CVE with the Recover parsing option which should     only be used for manual recovery at least for XML     parser.'(CVE-2017-5969)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c     in libxml2 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and application     crash) via a non-UTF-8 attribute value, related to     serialization. NOTE: this vulnerability may be a     duplicate of CVE-2016-3627.(CVE-2016-4483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS     before 10, and watchOS before 3 allows remote attackers     to execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML     document.(CVE-2016-4658)

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c     in libxml2 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and application     crash) via a non-UTF-8 attribute value, related to     serialization. NOTE: this vulnerability may be a     duplicate of CVE-2016-3627.(CVE-2016-4483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c     in libxml2 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and application     crash) via a non-UTF-8 attribute value, related to     serialization. NOTE: this vulnerability may be a     duplicate of CVE-2016-3627.(CVE-2016-4483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Symantec Content Analysis running on the   remote host is prior to version 2.3.1.1. It is, therefore,   affected by a vulnerability in the xmlBufAttrSerializeTxtContent   function in xmlsave.c in libxml2 allows context-dependent   attackers to cause a denial of service (out-of-bounds read and   application crash) via a non-UTF-8 attribute value, related   to serialization.

The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities :

  - Multiple cross-site scripting (XSS) vulnerabilities     exist in the Handlebars library in the     lib/handlebars/utils.js script due to a failure to     properly escape input passed as unquoted attributes to     templates. An unauthenticated, remote attacker can     exploit these vulnerabilities, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2015-8861, CVE-2015-8862)

  - A heap-based buffer overflow condition exists in the     Perl-Compatible Regular Expressions (PCRE) component     that is triggered when processing nested back references     in a duplicate named group. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1283)

  - An out-of-bounds read error exists in the libxml2     component in parserInternals.c due to improper parsing     of characters in an XML file. An unauthenticated, remote     attacker can exploit this to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-1833)

  - An overflow condition exists in the libxml2 component in     xmlstring.c due to improper validation of user-supplied     input when handling a string with NULL. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1834)

  - Multiple use-after-free errors exist in the libxml2     component in parser.c that is triggered when parsing     complex names. An unauthenticated, remote attacker can     exploit these issues, via a specially crafted file, to     dereference already freed memory and potentially execute     arbitrary code. (CVE-2016-1835, CVE-2016-1836)

  - Multiple heap-based buffer overflow conditions exist in     the libxml2 component in HTMLparser.c and xmlregexp.c     due to improper validation of user-supplied input when     parsing characters in a range. An unauthenticated,     remote attacker can exploit these issues, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)

  - Multiple out-of-bounds read errors exist in the libxml2     component in parser.c. An unauthenticated, remote     attacker can exploit these issues to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-1838, CVE-2016-4447)

  - A heap buffer overflow condition exists in the OpenSSL     component in the EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling a     large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the OpenSSL     component in the EVP_EncryptUpdate() function within     file crypto/evp/evp_enc.c that is triggered when     handling a large amount of input data after a previous     call occurs to the same function with a partial block.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-2106)

  - Flaws exist in the aesni_cbc_hmac_sha1_cipher()     function in file crypto/evp/e_aes_cbc_hmac_sha1.c and     the aesni_cbc_hmac_sha256_cipher() function in file     crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered     when the connection uses an AES-CBC cipher and AES-NI     is supported by the server. A man-in-the-middle attacker     can exploit these to conduct a padding oracle attack,     resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  - A remote code execution vulnerability exists in the     OpenSSL component in the ASN.1 encoder due to an     underflow condition that occurs when attempting to     encode the value zero represented as a negative integer.
    An unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code. (CVE-2016-2108)

  - Multiple unspecified flaws exist in the d2i BIO     functions when reading ASN.1 data from a BIO due to     invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to     cause a denial of service condition through resource     exhaustion. (CVE-2016-2109)

  - An out-of-bounds read error exists in the     X509_NAME_oneline() function within file     crypto/x509/x509_obj.c when handling very long ASN1     strings. An unauthenticated, remote attacker can exploit     this to disclose the contents of stack memory.
    (CVE-2016-2176)

  - An overflow condition exists in the Perl-Compatible     Regular Expressions (PCRE) component due to improper     validation of user-supplied input when handling the     (*ACCEPT) verb. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2016-3191)

  - A flaw exists in the libxml2 component in parser.c that     occurs when handling XML content in recovery mode. An     unauthenticated, remote attacker can exploit this to     cause a stack exhaustion, resulting in a denial of     service condition. (CVE-2016-3627)

  - A flaw exists in the libxml2 component in parser.c due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this to     cause a stack exhaustion, resulting in a denial of     service condition. (CVE-2016-3705)

  - A format string flaw exists in the libxml2 component due     to improper use of string format specifiers (e.g. %s and     %x). An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-4448)

  - An XML external entity injection vulnerability exists in     parser.c due to improper parsing of XML data. An     unauthenticated, remote attacker can exploit this, via     specially crafted XML data, to disclose arbitrary files     or cause a denial of service condition. (CVE-2016-4449)

  - An out-of-bounds read error exists in the libxml2     component in xmlsave.c that occurs when handling XML     content in recovery mode. An unauthenticated, remote     attacker can exploit this to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-4483)

  - A security bypass vulnerability exists in the libcurl     component due to the program attempting to resume TLS     sessions even if the client certificate fails. An     unauthenticated, remote attacker can exploit this to     bypass validation mechanisms. (CVE-2016-5419)

  - An information disclosure vulnerability exists in the     libcurl component due to the program reusing TLS     connections with different client certificates. An     unauthenticated, remote attacker can exploit this to     disclose sensitive cross-realm information.
    (CVE-2016-5420)

  - A use-after-free error exists in the libcurl component     that is triggered as connection pointers are not     properly cleared for easy handles. An unauthenticated,     remote attacker can exploit this to dereference already     freed memory, potentially resulting in the execution of     arbitrary code. (CVE-2016-5421)

  - Multiple stored cross-site scripting (XSS)   	vulnerabilities exist due to improper validation of   	user-supplied input. An authenticated, remote attacker   	can exploit these, via a specially crafted request, to   	execute arbitrary script code in a user's browsers   	session. (CVE-2016-9261)

The remote host is affected by the vulnerability described in GLSA-201701-37 (libxml2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libxml2. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user or automated system to process a       specially crafted XML document, possibly resulting in execution of       arbitrary code with the privileges of the process or a Denial of Service       condition.
  Workaround :

    There is no known workaround at this time.

This update for libxml2 fixes the following security issues :

  - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A     Heap-buffer overread was fixed in libxml2/dict.c     [bsc#963963, bsc#965283, bsc#981114].

  - CVE-2016-4483: Code was added to avoid an out of bound     access when serializing malformed strings [bsc#978395].

  - CVE-2016-1762: Fixed a heap-based buffer overread in     xmlNextChar [bsc#981040].

  - CVE-2016-1834: Fixed a heap-buffer-overflow in     xmlStrncat [bsc#981041].

  - CVE-2016-1833: Fixed a heap-based buffer overread in     htmlCurrentChar [bsc#981108].

  - CVE-2016-1835: Fixed a heap use-after-free in     xmlSAX2AttributeNs [bsc#981109].

  - CVE-2016-1837: Fixed a heap use-after-free in     htmlParsePubidLiteral and htmlParseSystemiteral     [bsc#981111].

  - CVE-2016-1838: Fixed a heap-based buffer overread in     xmlParserPrintFileContextInternal [bsc#981112].

  - CVE-2016-1840: Fixed a heap-buffer-overflow in     xmlFAParsePosCharGroup [bsc#981115].

  - CVE-2016-4447: Fixed a heap-based buffer-underreads due     to xmlParseName [bsc#981548].

  - CVE-2016-4448: Fixed some format string warnings with     possible format string vulnerability [bsc#981549],

  - CVE-2016-4449: Fixed inappropriate fetch of entities     content [bsc#981550].

  - CVE-2016-3705: Fixed missing increment of recursion     counter.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Daniel Veillard reports :

More format string warnings with possible format string vulnerability (David Kilzer)

Avoid building recursive entities (Daniel Veillard)

Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde)

Heap-based buffer-underreads due to xmlParseName (David Kilzer)

Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)

Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde)

Fix some format string warnings with possible format string vulnerability (David Kilzer)

Detect change of encoding when parsing HTML names (Hugh Davenport)

Fix inappropriate fetch of entities content (Daniel Veillard)

Bug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal Jumde)

Bug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal Jumde)

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (David Kilzer)

Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal Jumde)

Add missing increments of recursion depth counter to XML parser.
(Peter Simons)

Fix NULL pointer deref in XPointer range-to

The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php (affects 10.10.5 only)
  - CoreGraphics
  - ImageIO
  - libxml2
  - libxslt

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - Audio
  - bsdiff
  - CFNetwork
  - CoreGraphics
  - FaceTime
  - Graphics Drivers
  - ImageIO
  - Intel Graphics Driver
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - libc++abi
  - libexpat
  - LibreSSL
  - libxml2
  - libxslt
  - Login Window
  - OpenSSL
  - QuickTime
  - Safari Login AutoFill
  - Sandbox Profiles

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - CoreGraphics
  - ImageIO
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - libxml2
  - libxslt
  - Sandbox Profiles
  - WebKit
  - WebKit Page Loading

Note that only 4th generation models are affected by the vulnerabilities.

The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :

  - Multiple memory corruption issues exist in the libxslt     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-1684,     CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,     CVE-2016-4610, CVE-2016-4612)

  - Multiple memory corruption issues exist in the libxml2     component that allow a remote attacker to cause a denial     of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,     CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,     CVE-2016-4616, CVE-2016-4619)

  - An XXE (Xml eXternal Entity) injection vulnerability     exists in the libxml2 component due to an incorrectly     configured XML parser accepting XML external entities     from an untrusted source. A remote attacker can exploit     this, via a specially crafted XML file, to disclose     arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :

  - Multiple memory corruption issues exist in the libxslt     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-1684,     CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,     CVE-2016-4610, CVE-2016-4612)

  - Multiple memory corruption issues exist in the libxml2     component that allow a remote attacker to cause a denial     of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,     CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,     CVE-2016-4616, CVE-2016-4619)

  - An XXE (Xml eXternal Entity) injection vulnerability     exists in the libxml2 component due to an incorrectly     configured XML parser accepting XML external entities     from an untrusted source. A remote attacker can exploit     this, via a specially crafted XML file, to disclose     arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of iOS running on the mobile device is prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components :

  - Calendar
  - CoreGraphics
  - FaceTime
  - ImageIO
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - libxml2
  - libxslt
  - Safari
  - Sandbox Profiles
  - Siri Contacts
  - Web Media
  - WebKit
  - WebKit JavaScript Bindings
  - WebKit Page Loading

This update brings libxml2 to version 2.9.4.

These security issues were fixed :

  - CVE-2016-3627: The xmlStringGetNodeList function in     tree.c, when used in recovery mode, allowed     context-dependent attackers to cause a denial of service     (infinite recursion, stack consumption, and application     crash) via a crafted XML document (bsc#972335).

  - CVE-2016-1833: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1834,     CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,     CVE-2016-1839, and CVE-2016-1840 (bsc#981108).

  - CVE-2016-1835: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document     (bsc#981109).

  - CVE-2016-1837: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1834, CVE-2016-1836, CVE-2016-1838,     CVE-2016-1839, and CVE-2016-1840 (bsc#981111).

  - CVE-2016-1836: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1834, CVE-2016-1837, CVE-2016-1838,     CVE-2016-1839, and CVE-2016-1840 (bsc#981110).

  - CVE-2016-1839: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,     CVE-2016-1838, and CVE-2016-1840 (bsc#981114).

  - CVE-2016-1838: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,     CVE-2016-1839, and CVE-2016-1840 (bsc#981112).

  - CVE-2016-1840: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1834, CVE-2016-1836, CVE-2016-1837,     CVE-2016-1838, and CVE-2016-1839 (bsc#981115).

  - CVE-2016-4483: out-of-bounds read parsing an XML using     recover mode (bnc#978395).

  - CVE-2016-1834: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document, a     different vulnerability than CVE-2016-1833,     CVE-2016-1836, CVE-2016-1837, CVE-2016-1838,     CVE-2016-1839, and CVE-2016-1840 (bsc#981041).

  - CVE-2016-3705: The (1) xmlParserEntityCheck and (2)     xmlParseAttValueComplex functions in parser.c in libxml2     did not properly keep track of the recursion depth,     which allowed context-dependent attackers to cause a     denial of service (stack consumption and application     crash) via a crafted XML document containing a large     number of nested entity references (bsc#975947).

  - CVE-2016-1762: libxml2 allowed remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via a crafted XML document     (bsc#981040).

This non-security issue was fixed :

  - bnc#983288: Fix attribute decoding during XML schema     validation

This update for libxml2 fixes the following security issues :

  - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A     Heap-buffer overread was fixed in libxml2/dict.c     [bsc#963963, bsc#965283, bsc#981114].

  - CVE-2016-4483: Code was added to avoid an out of bound     access when serializing malformed strings [bsc#978395].

  - CVE-2016-1762: Fixed a heap-based buffer overread in     xmlNextChar [bsc#981040].

  - CVE-2016-1834: Fixed a heap-buffer-overflow in     xmlStrncat [bsc#981041].

  - CVE-2016-1833: Fixed a heap-based buffer overread in     htmlCurrentChar [bsc#981108].

  - CVE-2016-1835: Fixed a heap use-after-free in     xmlSAX2AttributeNs [bsc#981109].

  - CVE-2016-1837: Fixed a heap use-after-free in     htmlParsePubidLiteral and htmlParseSystemiteral     [bsc#981111].

  - CVE-2016-1838: Fixed a heap-based buffer overread in     xmlParserPrintFileContextInternal [bsc#981112].

  - CVE-2016-1840: Fixed a heap-buffer-overflow in     xmlFAParsePosCharGroup [bsc#981115].

  - CVE-2016-4447: Fixed a heap-based buffer-underreads due     to xmlParseName [bsc#981548].

  - CVE-2016-4448: Fixed some format string warnings with     possible format string vulnerability [bsc#981549],

  - CVE-2016-4449: Fixed inappropriate fetch of entities     content [bsc#981550].

  - CVE-2016-3705: Fixed missing increment of recursion     counter.

This update was imported from the SUSE:SLE-12:Update update project.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2994-1 advisory.

    It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated     system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to     crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705,     CVE-2016-4447)

    It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated     system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash,     resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834)

    Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or     automated system were tricked into opening a specially crafted document, an attacker could cause libxml2     to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1833,     CVE-2016-1838, CVE-2016-1839)

    Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or     automated system were tricked into opening a specially crafted document, an attacker could cause libxml2     to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1835,     CVE-2016-1837)

    Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain malformed documents. If a user or     automated system were tricked into opening a specially crafted document, an attacker could cause libxml2     to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to     Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)

    Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or     automated system were tricked into opening a specially crafted document, an attacker could cause libxml2     to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1840)

    It was discovered that libxml2 would load certain XML external entities. If a user or automated system     were tricked into opening a specially crafted document, an attacker could possibly obtain access to     arbitrary files or cause resource consumption. (CVE-2016-4449)

    Gustavo Grieco discovered that libxml2 incorrectly handled certain malformed documents. If a user or     automated system were tricked into opening a specially crafted document, an attacker could possibly cause     libxml2 to crash, resulting in a denial of service. (CVE-2016-4483)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial of service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy6.

We recommend that you upgrade your libxml2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

ID	Name	Product	Family	Severity
219519	Linux Distros Unpatched Vulnerability : CVE-2016-4483	Nessus	Misc.	high
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	critical
135636	EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474)	Nessus	Huawei Local Security Checks	high
134497	EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1208)	Nessus	Huawei Local Security Checks	high
129206	EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013)	Nessus	Huawei Local Security Checks	critical
128910	EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)	Nessus	Huawei Local Security Checks	critical
128090	EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1798)	Nessus	Huawei Local Security Checks	high
125636	Symantec Content Analysis 2.3 < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1377)	Nessus	Misc.	high
97893	Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities	Nessus	Misc.	critical
96541	GLSA-201701-37 : libxml2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
93154	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1)	Nessus	SuSE Local Security Checks	critical
93145	FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)	Nessus	FreeBSD Local Security Checks	high
92497	Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)	Nessus	MacOS X Local Security Checks	critical
92496	Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
92494	Apple TV < 9.2.2 Multiple Vulnerabilities	Nessus	Misc.	critical
92411	Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
92410	Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
92359	Apple iOS < 9.3.3 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
91656	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1)	Nessus	SuSE Local Security Checks	critical
91640	openSUSE Security Update : libxml2 (openSUSE-2016-734)	Nessus	SuSE Local Security Checks	high
91639	openSUSE Security Update : libxml2 (openSUSE-2016-733)	Nessus	SuSE Local Security Checks	critical
91499	Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1)	Nessus	Ubuntu Local Security Checks	high
91472	Debian DLA-503-1 : libxml2 security update	Nessus	Debian Local Security Checks	high
91447	Debian DSA-3593-1 : libxml2 - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2016-4483

high

Tenable Plugins

high

critical

high

high

critical

critical

high

high

critical

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

high

critical

high

high

high