This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A heap-based buffer overflow was found in how libxml2 handled long XML
entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to
crash or possibly execute arbitrary code (CVE-2008-3529).
The updated packages have been patched to prevent this issue. As well,
the patch to fix CVE-2008-3281 has been updated to remove the
hard-coded entity limit that was set to 5M, instead using XML entity
density heuristics. Many thanks to Daniel Veillard of Red Hat for his
hard work in tracking down and dealing with the edge cases discovered
with the initial fix to this issue.
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true