Synopsis
The remote CentOS host is missing one or more security updates.
Description
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory.
- libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)
- libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)
- libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)
- libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)
- libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)
- libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libxml2 packages.