Test ID:	1.3.6.1.4.1.25623.1.0.840868
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1334-1)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the USN-1334-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the USN-1334-1 advisory. Vulnerability Insight: It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216) It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834) It was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905) It was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919) Affected Software/OS: 'libxml2' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0216 http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html Debian Security Information: DSA-2394 (Google Search) http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name=MDVSA-2011:188 http://www.redhat.com/support/errata/RHSA-2011-1749.html RedHat Security Advisories: RHSA-2013:0217 http://rhn.redhat.com/errata/RHSA-2013-0217.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2821 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2011:145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840 Common Vulnerability Exposure (CVE) ID: CVE-2011-2834 http://osvdb.org/75560 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410 XForce ISS Database: chrome-libxml-code-execution(69885) https://exchange.xforce.ibmcloud.com/vulnerabilities/69885 Common Vulnerability Exposure (CVE) ID: CVE-2011-3905 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761 Common Vulnerability Exposure (CVE) ID: CVE-2011-3919 BugTraq ID: 51300 http://www.securityfocus.com/bid/51300 http://www.mandriva.com/security/advisories?name=MDVSA-2012:005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504 http://www.securitytracker.com/id?1026487 http://secunia.com/advisories/47449 http://secunia.com/advisories/55568 SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.