FreeBSD : libxml2 -- multiple vulnerabilities (e5423caf-8fb8-11e5-918c-bcaec565249c)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

reports :

CVE-2015-5312 Another entity expansion issue (David Drysdale).

CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey
(David Drysdale).

CVE-2015-7498 Avoid processing entities after encoding conversion
failures (Daniel Veillard).

CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser (Daniel
Veillard).

CVE-2015-7499 (2) Detect incoherency on GROW (Daniel Veillard).

CVE-2015-7500 Fix memory access error due to incorrect entities
boundaries (Daniel Veillard).

CVE-2015-7941 (1) Stop parsing on entities boundaries errors (Daniel
Veillard).

CVE-2015-7941 (2) Cleanup conditional section error handling (Daniel
Veillard).

CVE-2015-7942 Another variation of overflow in Conditional sections
(Daniel Veillard).

CVE-2015-7942 (2) Fix an error in previous Conditional section patch
(Daniel Veillard).

CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard).

CVE-2015-8242 Buffer overread with HTML parser in push mode (Hugh
Davenport).

See also :

http://xmlsoft.org/news.html
http://www.openwall.com/lists/oss-security/2015/11/18/23
http://www.nessus.org/u?e1dda4d9

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87000

Bugtraq ID:

CVE ID: CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-8241
CVE-2015-8242
