http://bugzilla.gnome.org/show_bug.cgi?id=783026

101482

RHSA-2017:2997

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

https://crbug.com/722079

https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed

[debian-lts-announce] 20171123 [SECURITY] [DLA 1188-1] libxml2 security update

GLSA-201710-24

https://security.netapp.com/advisory/ntap-20190719-0001/

The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as referenced in the April 2020 CPU advisory:

  - An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Oracle HTTP Server's Web Listener     component, allows a remote attacker to potentially exploit heap corruption via a crafted XML file.
    (CVE-2017-5130)

  - An easily exploitable vulnerability in Oracle HTTP Server's Web Listener component affecting the supported     version 11.1.1.9.0. An unauthenticated, remote attacker with network access via HTTP can exploit this to     compromise Oracle HTTP Server, resulting in unauthorized update, insert or delete access to some of Oracle     HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server     accessible data. (CVE-2020-2952)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as described in the HT208143 security advisory.

According to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - An integer overflow in xmlmemory.c in libxml2 before     2.9.5, as used in Google Chrome prior to 62.0.3202.62     and other products, allowed a remote attacker to     potentially exploit heap corruption via a crafted XML     file.(CVE-2017-5130)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An integer overflow in xmlmemory.c in libxml2 before     2.9.5, as used in Google Chrome prior to 62.0.3202.62     and other products, allowed a remote attacker to     potentially exploit heap corruption via a crafted XML     file.(CVE-2017-5130)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     heap-based buffer over-read in the     xmlDictComputeFastKey function in dict.c. This     vulnerability causes programs that use libxml2, such as     PHP, to crash. (CVE-2017-9049)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - An integer overflow in xmlmemory.c in libxml2 before     2.9.5, as used in Google Chrome prior to 62.0.3202.62     and other products, allowed a remote attacker to     potentially exploit heap corruption via a crafted XML     file.(CVE-2017-5130)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     heap-based buffer over-read in the     xmlDictComputeFastKey function in dict.c. This     vulnerability causes programs that use libxml2, such as     PHP, to crash. (CVE-2017-9049)

  - A flaw in libxml2 allows remote XML entity inclusion     with default parser flags (i.e., when the caller did     not request entity substitution, DTD validation,     external DTD subset loading, or default DTD     attributes). Depending on the context, this may expose     a higher-risk attack surface in libxml2 not usually     reachable with default parser flags, and expose content     from local files, HTTP, or FTP servers (which might be     otherwise unreachable).(CVE-2017-7375)

  - Buffer overflow in libxml2 allows remote attackers to     execute arbitrary code by leveraging an incorrect limit     for port values when handling redirects.(CVE-2017-7376)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes three security issues :

  - CVE-2017-15412: Prevent use after free when calling     XPath extension functions that allowed remote attackers     to cause DoS or potentially RCE (bsc#1077993)

  - CVE-2016-5131: Use-after-free vulnerability in libxml2     allowed remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     related to the XPointer range-to function. (bsc#1078813)

  - CVE-2017-5130: Fixed a potential remote buffer overflow     in function xmlMemoryStrdup() (bsc#1078806)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for libxml2 fixes one issue. This security issue was fixed :

  - CVE-2017-15412: Prevent use after free when calling     XPath extension functions that allowed remote attackers     to cause DoS or potentially RCE (bsc#1077993)

  - CVE-2016-5131: Use-after-free vulnerability in libxml2     allowed remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     related to the XPointer range-to function. (bsc#1078813)

  - CVE-2017-5130: Fixed a potential remote buffer overflow     in function xmlMemoryStrdup() (bsc#1078806)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes several issues. Theses security issues were fixed :

  - CVE-2017-16932: Fixed infinite recursion could lead to     an infinite loop or memory exhaustion when expanding a     parameter entity in a DTD (bsc#1069689).

  - CVE-2017-15412: Prevent use after free when calling     XPath extension functions that allowed remote attackers     to cause DoS or potentially RCE (bsc#1077993)

  - CVE-2016-5131: Use-after-free vulnerability in libxml2     allowed remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     related to the XPointer range-to function. (bsc#1078813)

  - CVE-2017-5130: Fixed a potential remote buffer overflow     in function xmlMemoryStrdup() (bsc#1078806)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2017-15398, CVE-2017-15399

----

Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429

----

Security fix for CVE-2017-15398, CVE-2017-15399

----

Security fix for CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127.

Build switched to use gtk3.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Pranjal Jumde (@pjumde) reported an heap overflow in memory debug code of libxml2.

For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy10.

We recommend that you upgrade your libxml2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - 802.1X
  - apache
  - AppleScript
  - ATS
  - Audio
  - CFString
  - CoreText
  - curl
  - Dictionary Widget
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - ImageIO
  - Kernel
  - libarchive
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - Sandbox
  - StreamingZip
  - tcpdump
  - Wi-Fi

This update to Chromium 62.0.3202.75 fixes the following security issues :

  - CVE-2017-5124: UXSS with MHTML

  - CVE-2017-5125: Heap overflow in Skia

  - CVE-2017-5126: Use after free in PDFium 

  - CVE-2017-5127: Use after free in PDFium

  - CVE-2017-5128: Heap overflow in WebGL

  - CVE-2017-5129: Use after free in WebAudio 

  - CVE-2017-5132: Incorrect stack manipulation in     WebAssembly.

  - CVE-2017-5130: Heap overflow in libxml2

  - CVE-2017-5131: Out of bounds write in Skia 

  - CVE-2017-5133: Out of bounds write in Skia 

  - CVE-2017-15386: UI spoofing in Blink

  - CVE-2017-15387: Content security bypass

  - CVE-2017-15388: Out of bounds read in Skia

  - CVE-2017-15389: URL spoofing in OmniBox

  - CVE-2017-15390: URL spoofing in OmniBox 

  - CVE-2017-15391: Extension limitation bypass in     Extensions.

  - CVE-2017-15392: Incorrect registry key handling in     PlatformIntegration

  - CVE-2017-15393: Referrer leak in Devtools

  - CVE-2017-15394: URL spoofing in extensions UI

  - CVE-2017-15395: NULL pointer dereference in ImageCapture

  - CVE-2017-15396: Stack overflow in V8

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 62.0.3202.62.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5132, CVE-2017-5131, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395)

The remote host is affected by the vulnerability described in GLSA-201710-24 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers and Google Chrome       Releases for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, cause a Denial of Service condition, bypass       content security controls, or conduct URL spoofing.
  Workaround :

    There is no known workaround at this time.

Google Chrome Releases reports :

35 security fixes in this release, including :

- [762930] High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07

- [749147] High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26

- [760455] High CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-08-30

- [765384] High CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen on KeenLab, Tencent on 2017-09-14

- [765469] High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14

- [765495] High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15

- [718858] High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan of Adobe Systems India Pvt. Ltd.
on 2017-05-05

- [722079] High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde on 2017-05-14

- [744109] Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16

- [762106] Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05

- [752003] Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03

- [756040] Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu on 2017-08-16

- [756563] Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17

- [739621] Medium CVE-2017-15389: URL spoofing in Omnibox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06

- [750239] Medium CVE-2017-15390: URL spoofing in Omnibox. Reported by Haosheng Wang on 2017-07-28

- [598265] Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by Joao Lucas Melo Brasio on 2016-03-28

- [714401] Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu on 2017-04-22

- [732751] Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13

- [745580] Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam on 2017-07-18

- [759457] Low CVE-2017-15395: NULL pointer dereference in ImageCapture. Reported by Johannes Bergman on 2017-08-28

- [775550] Various fixes from internal audits, fuzzing and other initiatives

The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 62.0.32. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes for October 17th 2017. Please refer to the release notes for additional information.

The version of Google Chrome installed on the remote Windows host is prior to 62.0.3202.62. It is, therefore, affected by multiple vulnerabilities as noted in Chrome stable channel update release notes.
Please refer to the release notes for additional information.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 11. It is, therefore, affected by multiple vulnerabilities as described in the HT208112 security advisory.

ID	Name	Product	Family	Severity
135677	Oracle Fusion Middleware Oracle HTTP Server (Apr 2020 CPU)	Nessus	Web Servers	medium
700542	Apple iOS < 11.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
117564	EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1255)	Nessus	Huawei Local Security Checks	medium
108475	EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1071)	Nessus	Huawei Local Security Checks	medium
108474	EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1070)	Nessus	Huawei Local Security Checks	critical
106741	openSUSE Security Update : libxml2 (openSUSE-2018-154)	Nessus	SuSE Local Security Checks	medium
106708	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)	Nessus	SuSE Local Security Checks	medium
106707	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)	Nessus	SuSE Local Security Checks	medium
106002	Fedora 27 : chromium (2017-f2f3fa09e3)	Nessus	Fedora Local Security Checks	high
105501	Fedora 26 : chromium (2017-ea44f172e3)	Nessus	Fedora Local Security Checks	high
104747	Debian DLA-1188-1 : libxml2 security update	Nessus	Debian Local Security Checks	medium
104379	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)	Nessus	MacOS X Local Security Checks	critical
104244	openSUSE Security Update : chromium (openSUSE-2017-1221)	Nessus	SuSE Local Security Checks	medium
104091	RHEL 6 : chromium-browser (RHSA-2017:2997)	Nessus	Red Hat Local Security Checks	medium
104067	GLSA-201710-24 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
104063	FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a)	Nessus	FreeBSD Local Security Checks	medium
103934	Google Chrome < 62.0.3202.62 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	medium
103933	Google Chrome < 62.0.3202.62 Multiple Vulnerabilities	Nessus	Windows	medium
103420	Apple iOS < 11 Multiple Vulnerabilities	Nessus	Mobile Devices	critical

CVE-2017-5130

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins