openSUSE Security Update : libxml2 (openSUSE-2016-733)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for libxml2 fixes the following security issues :

- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].

- CVE-2016-4483: Code was added to avoid an out-of-bounds access when serializing malformed strings [bsc#978395].

- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].

- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].

- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].

- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].

- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral [bsc#981111].

- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].

- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].

- CVE-2016-4447: Fixed heap-based buffer underreads due to xmlParseName [bsc#981548].

- CVE-2016-4448: Fixed some format string warnings with a possible format string vulnerability [bsc#981549].

- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].

- CVE-2016-3705: Fixed missing increment of recursion counter.

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=963963
https://bugzilla.opensuse.org/show_bug.cgi?id=965283
https://bugzilla.opensuse.org/show_bug.cgi?id=978395
https://bugzilla.opensuse.org/show_bug.cgi?id=981040
https://bugzilla.opensuse.org/show_bug.cgi?id=981041
https://bugzilla.opensuse.org/show_bug.cgi?id=981108
https://bugzilla.opensuse.org/show_bug.cgi?id=981109
https://bugzilla.opensuse.org/show_bug.cgi?id=981111
https://bugzilla.opensuse.org/show_bug.cgi?id=981112
https://bugzilla.opensuse.org/show_bug.cgi?id=981114
https://bugzilla.opensuse.org/show_bug.cgi?id=981115
https://bugzilla.opensuse.org/show_bug.cgi?id=981548
https://bugzilla.opensuse.org/show_bug.cgi?id=981549
https://bugzilla.opensuse.org/show_bug.cgi?id=981550

Solution :

Update the affected libxml2 packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
