EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1258)
High Nessus Plugin ID 117567
SynopsisThe remote EulerOS Virtualization host is missing multiple security updates.
DescriptionAccording to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android.
Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663)
- parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)
- parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.(CVE-2017-16932)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libxml2 packages.