Junos OS: Multiple vulnerabilities in libxml2 (JSA10916)
Critical Nessus Plugin ID 121070
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version number, the remote Juniper
Junos device is affected by multiple vulnerabilities in libxml2:
- Format string vulnerability in libxml2 before 2.9.4 allows
attackers to have unspecified impact via format string
specifiers in unknown vectors. (CVE-2016-4448)
- The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and
earlier, when used in recovery mode, allows context-dependent
attackers to cause a denial of service (infinite recursion, stack
consumption, and application crash) via a crafted XML document.
Solution
Apply the relevant Junos software release referenced in Juniper