ID de Prueba:	1.3.6.1.4.1.25623.1.0.883387
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for libxml2 (CESA-2020:3996)
Resumen:	The remote host is missing an update for the 'libxml2'; package(s) announced via the CESA-2020:3996 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the CESA-2020:3996 advisory. Vulnerability Insight: The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Affected Software/OS: 'libxml2' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19956 https://security.netapp.com/advisory/ntap-20200114-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/ https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 https://www.oracle.com/security-alerts/cpujul2020.html https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html SuSE Security Announcement: openSUSE-SU-2020:0681 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html SuSE Security Announcement: openSUSE-SU-2020:0781 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html https://usn.ubuntu.com/4274-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-20388 https://security.netapp.com/advisory/ntap-20200702-0005/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/ https://security.gentoo.org/glsa/202010-04 https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html Common Vulnerability Exposure (CVE) ID: CVE-2020-7595 https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08 https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.