Junos OS: Multiple vulnerabilities in libxml2 (JSA10916)
Critical Nessus Plugin ID 121070
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version number, the remote Juniper Junos device is affected by multiple vulnerabilities in libxml2:
- Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. (CVE-2016-4448)
- The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. (CVE-2016-3627)
Solution
Apply the relevant Junos software release referenced in Juniper advisory JSA10916.