Debian DSA-4042-1 : libxml-libxml-perl - security update

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Debian host is missing a security-related update.

Description :

A use-after-free vulnerability was discovered in XML::LibXML, a Perl
interface to the libxml2 library, allowing an attacker to execute
arbitrary code by controlling the arguments to a replaceChild() call.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866676
https://security-tracker.debian.org/tracker/libxml-libxml-perl
https://packages.debian.org/source/jessie/libxml-libxml-perl
https://packages.debian.org/source/stretch/libxml-libxml-perl
http://www.debian.org/security/2017/dsa-4042

Solution :

Upgrade the libxml-libxml-perl packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.0116+dfsg-1+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 2.0128+dfsg-1+deb9u1.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Debian Local Security Checks

Nessus Plugin ID: 104686 ()

Bugtraq ID:

CVE ID: CVE-2017-10672

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now