Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:192)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A heap-based buffer overflow was found in how libxml2 handled long XML
entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to
crash or possibly execute arbitrary code (CVE-2008-3529).

The updated packages have been patched to prevent this issue. In
addition, the patch for CVE-2008-3281 has been updated: it no longer
uses the hard-coded entity limit that was set to 5M and instead relies
on XML entity density heuristics. Many thanks to Daniel Veillard of
Red Hat for his hard work in tracking down and dealing with the edge
cases discovered with the initial fix to this issue.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 38013 (mandriva_MDVSA-2008-192.nasl)

Bugtraq ID: 30783, 31126

CVE ID: CVE-2008-3281, CVE-2008-3529
