Test ID:	1.3.6.1.4.1.25623.1.0.61524
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0886
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0886. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) A denial of service flaw was found in the way libxml2 processed certain content. If an application linked against libxml2 processed malformed XML content, it could cause the application to use an excessive amount of CPU time and memory, and stop responding. (CVE-2003-1564) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0886.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1564 http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2 http://xmlsoft.org/news.html http://www.stylusstudio.com/xmldev/200302/post20020.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://www.redhat.com/support/errata/RHSA-2008-0886.html http://secunia.com/advisories/31868 Common Vulnerability Exposure (CVE) ID: CVE-2008-3529 1020855 http://securitytracker.com/id?1020855 247346 http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1 261688 http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 265329 http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 31126 http://www.securityfocus.com/bid/31126 31558 http://secunia.com/advisories/31558 31855 http://secunia.com/advisories/31855 31860 http://secunia.com/advisories/31860 31868 31982 http://secunia.com/advisories/31982 32265 http://secunia.com/advisories/32265 32280 http://secunia.com/advisories/32280 32807 http://secunia.com/advisories/32807 32974 http://secunia.com/advisories/32974 33715 http://secunia.com/advisories/33715 33722 http://secunia.com/advisories/33722 35056 http://secunia.com/advisories/35056 35074 http://secunia.com/advisories/35074 35379 http://secunia.com/advisories/35379 36173 http://secunia.com/advisories/36173 36235 http://secunia.com/advisories/36235 8798 https://www.exploit-db.com/exploits/8798 ADV-2008-2822 http://www.vupen.com/english/advisories/2008/2822 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1298 http://www.vupen.com/english/advisories/2009/1298 ADV-2009-1522 http://www.vupen.com/english/advisories/2009/1522 ADV-2009-1621 http://www.vupen.com/english/advisories/2009/1621 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html APPLE-SA-2009-06-08-1 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE-SA-2009-06-17-1 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html DSA-1654 http://www.debian.org/security/2008/dsa-1654 GLSA-200812-06 http://security.gentoo.org/glsa/glsa-200812-06.xml MDVSA-2008:192 http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 RHSA-2008:0884 http://www.redhat.com/support/errata/RHSA-2008-0884.html RHSA-2008:0886 SUSE-SR:2008:018 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-644-1 https://usn.ubuntu.com/644-1/ USN-815-1 http://www.ubuntu.com/usn/USN-815-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3550 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm http://wiki.rpath.com/Advisories:rPSA-2008-0325 https://bugzilla.redhat.com/show_bug.cgi?id=461015 libxml2-entitynames-bo(45085) https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 oval:org.mitre.oval:def:11760 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 oval:org.mitre.oval:def:6103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.