94347

https://bugzilla.gnome.org/show_bug.cgi?id=772726

https://github.com/lsh123/xmlsec/issues/43

GLSA-201711-01

USN-3739-1

USN-3739-2

This update for libxml2 fixes the following issues :

Issue fixed :

Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and     earlier and other products, does not offer a flag     directly indicating that the current document may be     read but other files may not be opened, which makes it     easier for remote attackers to conduct XML External     Entity (XXE) attacks via a crafted     document.i1/4^CVE-2016-9318i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

Security issue fixed :

CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046)

Other Issue fixed: Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the libxml2 package has been released.

An update of [openssh,linux,libxml2] packages for PhotonOS has been released.

The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libxml2. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by enticing a user to process a specially crafted XML       document, could remotely execute arbitrary code, conduct XML External       Entity (XXE) attacks, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update for libxml2 fixes the following issues: Security issues fixed :

  - CVE-2017-9050: heap-based buffer overflow     (xmlDictAddString func) [bsc#1039069, bsc#1039661]

  - CVE-2017-9049: heap-based buffer overflow     (xmlDictComputeFastKey func) [bsc#1039066]

  - CVE-2017-9048: stack overflow vulnerability     (xmlSnprintfElementContent func) [bsc#1039063]

  - CVE-2017-9047: stack overflow vulnerability     (xmlSnprintfElementContent func) [bsc#1039064] A     clarification for the previously released update: For     CVE-2016-9318 we decided not to ship a fix since it can     break existing setups. Please take appropriate actions     if you parse untrusted XML files and use the new

-noxxe flag if possible (bnc#1010675, bnc#1013930).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

  - Fix NULL dereference in xpointer.c when in recovery mode     [bsc#1014873]

  - CVE-2016-9597: An XML document with many opening tags     could have caused a overflow of the stack not detected     by the recursion limits, allowing for DoS (bsc#1017497)

  - CVE-2014-0191: External parameter entity loaded when     entity substitution is disabled could cause a DoS.
    (bsc#876652)

  - CVE-2016-9318: XML External Entity (XXE) could be abused     via crafted document. (bsc#1010675)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and     earlier and other products, does not offer a flag     directly indicating that the current document may be     read but other files may not be opened, which makes it     easier for remote attackers to conduct XML External     Entity (XXE) attacks via a crafted     documenti1/4Z(CVE-2016-9318)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to latest upstream release, includes several security related fixes.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

  - CVE-2016-4658: use-after-free error could lead to crash     [bsc#1005544]

  - Fix NULL dereference in xpointer.c when in recovery mode     [bsc#1014873]

  - CVE-2016-9597: An XML document with many opening tags     could have caused a overflow of the stack not detected     by the recursion limits, allowing for DoS (bsc#1017497).

For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for libxml2 fixes the following issues :

  - CVE-2016-4658: use-after-free error could lead to crash     [bsc#1005544]

  - Fix NULL dereference in xpointer.c when in recovery mode     [bsc#1014873]

  - CVE-2016-9597: An XML document with many opening tags     could have caused a overflow of the stack not detected     by the recursion limits, allowing for DoS (bsc#1017497).
    For CVE-2016-9318 we decided not to ship a fix since it     can break existing setups. Please take appropriate     actions if you parse untrusted XML files and use the new
    -noxxe flag if possible (bnc#1010675, bnc#1013930).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

  - CVE-2016-9318: libxml2 did not offer a flag directly     indicating that the current document may be read but     other files may not be opened, which made it easier for     remote attackers to conduct XML External Entity (XXE)     attacks via a crafted document (bsc#1010675).

  - Prevent NULL dereference in xpointer.c and     xmlDumpElementContent, and infinite recursion in     xmlParseConditionalSections when in recovery     mode(bnc#1014873)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
126814	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2019:1896-1)	Nessus	SuSE Local Security Checks	medium
124731	EulerOS Virtualization 2.5.3 : libxml2 (EulerOS-SA-2019-1353)	Nessus	Huawei Local Security Checks	medium
123073	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2019:13985-1)	Nessus	SuSE Local Security Checks	medium
121663	Photon OS 1.0: Libxml2 PHSA-2017-0001	Nessus	PhotonOS Local Security Checks	high
111850	Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated)	Nessus	PhotonOS Local Security Checks	high
104492	GLSA-201711-01 : libxml2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100780	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)	Nessus	SuSE Local Security Checks	medium
100352	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)	Nessus	SuSE Local Security Checks	medium
99936	EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)	Nessus	Huawei Local Security Checks	medium
99916	EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2017-1069)	Nessus	Huawei Local Security Checks	medium
99492	Fedora 24 : libxml2 (2017-be8574d593)	Nessus	Fedora Local Security Checks	critical
99491	Fedora 25 : libxml2 (2017-a3a47973eb)	Nessus	Fedora Local Security Checks	critical
97116	openSUSE Security Update : libxml2 (openSUSE-2017-244)	Nessus	SuSE Local Security Checks	critical
97015	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1)	Nessus	SuSE Local Security Checks	critical
96566	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:0164-1)	Nessus	SuSE Local Security Checks	medium

CVE-2016-9318

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins