OracleVM 2.1 : libxml2 (OVMSA-2009-0018)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Add bug347316.patch to backport fix for bug#347316 from
upstream version

- Add libxml2-enterprise.patch and update logos in tarball

- Fix a couple of crashes (CVE-2009-2414, CVE-2009-2416)

- Resolves: rhbz#515236

- Two patches for size overflow problems (CVE-2008-4225,
CVE-2008-4226)

- Resolves: rhbz#470474

- Patch to fix an entity name copy buffer overflow
(CVE-2008-3529)

- Resolves: rhbz#461023

- Better fix for (CVE-2008-3281)

- Resolves: rhbz#458095

- change the patch for CVE-2008-3281 due to ABI issues

- Resolves: rhbz#458095

- Patch to fix recursive entities handling (CVE-2008-3281)

- Resolves: rhbz#458095

- Patch to fix UTF-8 decoding problem (CVE-2007-6284)

- Resolves: rhbz#425933

See also :

http://www.nessus.org/u?4b1b9935
http://www.nessus.org/u?9315a626

Solution :

Update the affected libxml2 / libxml2-python packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79462

Bugtraq ID: 27248
30783
31126
32326
32331
36010

CVE ID: CVE-2007-6284
CVE-2008-3281
CVE-2008-3529
CVE-2008-4225
CVE-2008-4226
CVE-2009-2414
CVE-2009-2416
