openSUSE Security Update : libxml2 (openSUSE-2016-733)
critical Nessus Plugin ID 91639
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 6.7
Synopsis
The remote openSUSE host is missing a security update.Description
This update for libxml2 fixes the following security issues :- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral [bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed a heap-based buffer-underreads due to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with possible format string vulnerability [bsc#981549],
- CVE-2016-4449: Fixed inappropriate fetch of entities content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion counter.
This update was imported from the SUSE:SLE-12:Update update project.
Solution
Update the affected libxml2 packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=963963
https://bugzilla.opensuse.org/show_bug.cgi?id=965283
https://bugzilla.opensuse.org/show_bug.cgi?id=978395
https://bugzilla.opensuse.org/show_bug.cgi?id=981040
https://bugzilla.opensuse.org/show_bug.cgi?id=981041
https://bugzilla.opensuse.org/show_bug.cgi?id=981108
https://bugzilla.opensuse.org/show_bug.cgi?id=981109
https://bugzilla.opensuse.org/show_bug.cgi?id=981111
https://bugzilla.opensuse.org/show_bug.cgi?id=981112
https://bugzilla.opensuse.org/show_bug.cgi?id=981114
https://bugzilla.opensuse.org/show_bug.cgi?id=981115
https://bugzilla.opensuse.org/show_bug.cgi?id=981548
Plugin Details
Severity: Critical
ID: 91639
File Name: openSUSE-2016-733.nasl
Version: 2.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/17/2016
Updated: 1/19/2021
Dependencies: 12634
Risk Information
Risk Factor: Critical
VPR Score: 6.7
CVSS v2.0
Base Score: 10
Temporal Score: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3.0
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:libxml2-2, p-cpe:/a:novell:opensuse:libxml2-2-32bit, p-cpe:/a:novell:opensuse:libxml2-2-debuginfo, p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libxml2-debugsource, p-cpe:/a:novell:opensuse:libxml2-devel, p-cpe:/a:novell:opensuse:libxml2-devel-32bit, p-cpe:/a:novell:opensuse:libxml2-tools, p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo, p-cpe:/a:novell:opensuse:python-libxml2, p-cpe:/a:novell:opensuse:python-libxml2-debuginfo, p-cpe:/a:novell:opensuse:python-libxml2-debugsource, cpe:/o:novell:opensuse:42.1
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/16/2016
Reference Information
CVE: CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483