OracleVM 3.3 : libxml2 (OVMSA-2015-0152)

high Nessus Plugin ID 87232


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- Update doc/redhat.gif in tarball

- Add libxml2-oracle-enterprise.patch and update logos in tarball

- Fix a series of CVEs (rhbz#1286495)

- CVE-2015-7941 Cleanup conditional section error handling

- CVE-2015-8317 Fail parsing early on if encoding conversion failed

- CVE-2015-7942 Another variation of overflow in Conditional sections

- CVE-2015-7942 Fix an error in previous Conditional section patch

- Fix parsing short unclosed comment uninitialized access

- CVE-2015-7498 Avoid processing entities after encoding conversion failures

- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey

- CVE-2015-5312 Another entity expansion issue

- CVE-2015-7499 Add xmlHaltParser to stop the parser

- CVE-2015-7499 Detect incoherency on GROW

- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries

- CVE-2015-8242 Buffer overead with HTML parser in push mode

- Libxml violates the zlib interface and crashes


Update the affected libxml2 / libxml2-python packages.

See Also

Plugin Details

Severity: High

ID: 87232

File Name: oraclevm_OVMSA-2015-0152.nasl

Version: 2.8

Type: local

Published: 12/8/2015

Updated: 1/4/2021

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:libxml2, p-cpe:/a:oracle:vm:libxml2-python, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/7/2015

Vulnerability Publication Date: 11/18/2015

Reference Information

CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8242, CVE-2015-8317