 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.123687 |
| Category: | Oracle Linux Local Security Checks |
| Title: | Oracle: Security Advisory (ELSA-2013-0581) |
| Summary: | The remote host is missing an update for the 'libxml2' package(s) announced via the ELSA-2013-0581 advisory. |
| Description: | Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the ELSA-2013-0581 advisory. Vulnerability Insight: [2.7.6-12.0.1.el6_4.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-12.el6_4.1] -detect and stop excessive entities expansion upon replacement (rhbz#912574) [2.7.6-12.el6] - fix out of range heap access (CVE-2012-5134) [2.7.6-11.el6] - Change the XPath code to percolate allocation error (CVE-2011-1944) [2.7.6-10.el6] - Fix an off by one pointer access (CVE-2011-3102) [2.7.6-9.el6] - Fix a failure to report xmlreader parsing failures - Fix parser local buffers size problems (rhbz#843742) - Fix entities local buffers size problems (rhbz#843742) - Fix an error in previous commit (rhbz#843742) - Do not fetch external parsed entities - Impose a reasonable limit on attribute size (rhbz#843742) - Impose a reasonable limit on comment size (rhbz#843742) - Impose a reasonable limit on PI size (rhbz#843742) - Cleanups and new limit APIs for dictionaries (rhbz#843742) - Introduce some default parser limits (rhbz#843742) - Implement some default limits in the XPath module - Fixup limits parser (rhbz#843742) - Enforce XML_PARSER_EOF state handling through the parser - Avoid quadratic behaviour in some push parsing cases (rhbz#843742) - More avoid quadratic behaviour (rhbz#843742) - Strengthen behaviour of the push parser in problematic situations (rhbz#843742) - More fixups on the push parser behaviour (rhbz#843742) - Fix a segfault on XSD validation on pattern error - Fix an unimplemented part in RNG value validation Affected Software/OS: 'libxml2' package(s) on Oracle Linux 5, Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0338 52662 http://secunia.com/advisories/52662 55568 http://secunia.com/advisories/55568 DSA-2652 http://www.debian.org/security/2013/dsa-2652 HPSBGN03302 http://marc.info/?l=bugtraq&m=142798889927587&w=2 MDVSA-2013:056 http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 SSRT101996 SUSE-SU-2013:1627 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html USN-1782-1 http://www.ubuntu.com/usn/USN-1782-1 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://bugzilla.redhat.com/show_bug.cgi?id=912400 https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab openSUSE-SU-2013:0552 http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html openSUSE-SU-2013:0555 http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |