English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.131140
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2015-0457)
Summary:The remote host is missing an update for the 'libxml2' package(s) announced via the MGASA-2015-0457 advisory.
Description:Summary:
The remote host is missing an update for the 'libxml2' package(s) announced via the MGASA-2015-0457 advisory.

Vulnerability Insight:
Updated libxml2 packages fix security vulnerabilities:

In libxml2 before 2.9.3, one case where when dealing with entities expansion,
it failed to exit, leading to a denial of service (CVE-2015-5312).

In libxml2 before 2.9.3, it was possible to hit a negative offset in the name
indexing used to randomize the dictionary key generation, causing a heap
buffer overflow in xmlDictComputeFastQKey (CVE-2015-7497).

In libxml2 before 2.9.3, after encoding conversion failures, the parser was
continuing to process to extract more errors, which can potentially lead to
unexpected behaviour (CVE-2015-7498).

In libxml2 before 2.9.3, the parser failed to detect a case where the current
pointer to the input was out of range, leaving it in an incoherent state
(CVE-2015-7499).

In libxml2 before 2.9.3, a memory access error could happen while processing
a start tag due to incorrect entities boundaries (CVE-2015-7500).

In libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra
processing of MarkupDecl after EOF has been reached (CVE-2015-8241).

In libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push
mode (CVE-2015-8242).

In libxml2 before 2.9.3, out of bounds heap reads could happen due to failure
processing the encoding declaration of the XMLDecl in xmlParseEncodingDecl
(CVE-2015-8317).

In libxml2 before 2.9.3, out of bounds memory access via unclosed html
comment (CVE-2015-8710).

Affected Software/OS:
'libxml2' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5312
1034243
http://www.securitytracker.com/id/1034243
79536
http://www.securityfocus.com/bid/79536
APPLE-SA-2016-03-21-1
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
APPLE-SA-2016-03-21-2
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
APPLE-SA-2016-03-21-3
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
APPLE-SA-2016-03-21-5
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
DSA-3430
http://www.debian.org/security/2015/dsa-3430
GLSA-201701-37
https://security.gentoo.org/glsa/201701-37
HPSBGN03537
http://marc.info/?l=bugtraq&m=145382616617563&w=2
RHSA-2015:2549
http://rhn.redhat.com/errata/RHSA-2015-2549.html
RHSA-2015:2550
http://rhn.redhat.com/errata/RHSA-2015-2550.html
RHSA-2016:1089
http://rhn.redhat.com/errata/RHSA-2016-1089.html
USN-2834-1
http://www.ubuntu.com/usn/USN-2834-1
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=1276693
https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
https://support.apple.com/HT206166
https://support.apple.com/HT206167
https://support.apple.com/HT206168
https://support.apple.com/HT206169
openSUSE-SU-2015:2372
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
openSUSE-SU-2016:0106
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7497
79508
http://www.securityfocus.com/bid/79508
https://bugzilla.redhat.com/show_bug.cgi?id=1281862
https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9
Common Vulnerability Exposure (CVE) ID: CVE-2015-7498
79548
http://www.securityfocus.com/bid/79548
https://bugzilla.redhat.com/show_bug.cgi?id=1281879
https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43
Common Vulnerability Exposure (CVE) ID: CVE-2015-7499
79509
http://www.securityfocus.com/bid/79509
https://bugzilla.redhat.com/show_bug.cgi?id=1281925
https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
Common Vulnerability Exposure (CVE) ID: CVE-2015-7500
79562
http://www.securityfocus.com/bid/79562
https://bugzilla.redhat.com/show_bug.cgi?id=1281943
https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f
Common Vulnerability Exposure (CVE) ID: CVE-2015-8241
BugTraq ID: 77621
http://www.securityfocus.com/bid/77621
Debian Security Information: DSA-3430 (Google Search)
HPdes Security Advisory: HPSBGN03537
http://www.openwall.com/lists/oss-security/2015/11/17/5
http://www.openwall.com/lists/oss-security/2015/11/18/23
RedHat Security Advisories: RHSA-2015:2549
RedHat Security Advisories: RHSA-2015:2550
RedHat Security Advisories: RHSA-2016:1089
SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0106 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-8242
BugTraq ID: 77681
http://www.securityfocus.com/bid/77681
Common Vulnerability Exposure (CVE) ID: CVE-2015-8317
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
BugTraq ID: 91826
http://www.securityfocus.com/bid/91826
https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html
http://www.openwall.com/lists/oss-security/2015/11/21/1
http://www.openwall.com/lists/oss-security/2015/11/22/3
Common Vulnerability Exposure (CVE) ID: CVE-2015-8710
BugTraq ID: 79811
http://www.securityfocus.com/bid/79811
https://hackerone.com/reports/57125#activity-384861
http://www.openwall.com/lists/oss-security/2015/04/19/4
http://www.openwall.com/lists/oss-security/2015/09/13/1
http://www.openwall.com/lists/oss-security/2015/12/31/7
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.