EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2017-1070)
Medium Nessus Plugin ID 99936
SynopsisThe remote EulerOS host is missing a security update.
DescriptionAccording to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.(CVE-2016-9318)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected libxml2 package.