openSUSE Security Update : libxml2 (openSUSE-2016-32)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- security update: This update fixes the following
security issues :

- CVE-2015-1819 Enforce the reader to run in constant
memory [bnc#928193]

- CVE-2015-7941 Fix out of bound read with crafted xml
input by stopping parsing on entities boundaries errors
[bnc#951734]

- CVE-2015-7942 Fix another variation of overflow in
Conditional sections [bnc#951735]

- CVE-2015-8241 Avoid extra processing of MarkupDecl when
EOF [bnc#956018]

- CVE-2015-8242 Buffer overread with HTML parser in push
mode [bnc#956021]

- CVE-2015-8317 Return if the encoding declaration is
broken or encoding conversion failed [bnc#956260]

- CVE-2015-5312 Fix another entity expansion issue
[bnc#957105]

- CVE-2015-7497 Avoid a heap buffer overflow in
xmlDictComputeFastQKey [bnc#957106]

- CVE-2015-7498 Processes entities after encoding
conversion failures [bnc#957107]

- CVE-2015-7499 Add xmlHaltParser() to stop the parser /
Detect incoherency on GROW [bnc#957109]

- CVE-2015-8317 Multiple out-of-bound reads could lead to
denial of service [bnc#956260]

- CVE-2015-8035 DoS when parsing specially crafted XML
document if XZ support is enabled [bnc#954429]

- CVE-2015-7500 Fix memory access error due to incorrect
entities boundaries [bnc#957110]

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=928193
https://bugzilla.opensuse.org/show_bug.cgi?id=951734
https://bugzilla.opensuse.org/show_bug.cgi?id=951735
https://bugzilla.opensuse.org/show_bug.cgi?id=954429
https://bugzilla.opensuse.org/show_bug.cgi?id=956018
https://bugzilla.opensuse.org/show_bug.cgi?id=956021
https://bugzilla.opensuse.org/show_bug.cgi?id=956260
https://bugzilla.opensuse.org/show_bug.cgi?id=957105
https://bugzilla.opensuse.org/show_bug.cgi?id=957106
https://bugzilla.opensuse.org/show_bug.cgi?id=957107
https://bugzilla.opensuse.org/show_bug.cgi?id=957109
https://bugzilla.opensuse.org/show_bug.cgi?id=957110

Solution :

Update the affected libxml2 packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
