Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0187
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0187)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the MGASA-2016-0187 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the MGASA-2016-0187 advisory. Vulnerability Insight: When running in recovery mode, certain invalid XML documents would trigger an infinite recursion in libxml2 that ran until all stack space was exhausted. This vulnerability could have been used to facilitate a denial-of-sevice attack (CVE-2016-3627). libxml2 limits the number of recursions an XML document can contain so to protect against the 'Billion Laughs' denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specially crafted XML documents could exhaust all available stack space and crash the XML parser without running into the recursion limit (CVE-2016-3705). Affected Software/OS: 'libxml2' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3627 BugTraq ID: 84992 http://www.securityfocus.com/bid/84992 Debian Security Information: DSA-3593 (Google Search) https://www.debian.org/security/2016/dsa-3593 http://seclists.org/fulldisclosure/2016/May/10 https://security.gentoo.org/glsa/201701-37 http://www.openwall.com/lists/oss-security/2016/03/21/2 http://www.openwall.com/lists/oss-security/2016/03/21/3 RedHat Security Advisories: RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292 RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1035335 SuSE Security Announcement: openSUSE-SU-2016:1298 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html SuSE Security Announcement: openSUSE-SU-2016:1446 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html http://www.ubuntu.com/usn/USN-2994-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3705 20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser) 89854 http://www.securityfocus.com/bid/89854 DSA-3593 GLSA-201701-37 RHSA-2016:1292 RHSA-2016:2957 USN-2994-1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://bugzilla.gnome.org/show_bug.cgi?id=765207 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239 https://kc.mcafee.com/corporate/index?page=content&id=SB10170 https://www.tenable.com/security/tns-2016-18 openSUSE-SU-2016:1298 openSUSE-SU-2016:1446
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.