Detections
Analytics
FreeBSD : libxml2 -- multiple vulnerabilities (e5423caf-8fb8-11e5-918c-bcaec565249c)
high Nessus Plugin ID 87000
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
reports :CVE-2015-5312 Another entity expansion issue (David Drysdale).
CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale).
CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard).
CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser (Daniel Veillard).
CVE-2015-7499 (2) Detect incoherency on GROW (Daniel Veillard).
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard).
CVE-2015-7941 (1) Stop parsing on entities boundaries errors (Daniel Veillard).
CVE-2015-7941 (2) Cleanup conditional section error handling (Daniel Veillard).
CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard).
CVE-2015-7942 (2) Fix an error in previous Conditional section patch (Daniel Veillard).
CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard).
CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport)
Solution
Update the affected package.See Also
Plugin Details
Severity: High
ID: 87000
File Name: freebsd_pkg_e5423caf8fb811e5918cbcaec565249c.nasl
Version: 2.9
Type: local
Family: FreeBSD Local Security Checks
Published: 11/23/2015
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:libxml2, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 11/20/2015
Vulnerability Publication Date: 11/20/2015
Reference Information
CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8242