Test ID:	1.3.6.1.4.1.25623.1.0.845372
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5422-1)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the USN-5422-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the USN-5422-1 advisory. Vulnerability Insight: Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. (CVE-2022-23308) It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-29824) Affected Software/OS: 'libxml2' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.10, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-23308 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://security.netapp.com/advisory/ntap-20220331-0008/ https://support.apple.com/kb/HT213253 https://support.apple.com/kb/HT213254 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257 https://support.apple.com/kb/HT213258 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/ http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/38 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 https://security.gentoo.org/glsa/202210-03 https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2022-29824 https://security.netapp.com/advisory/ntap-20220715-0006/ Debian Security Information: DSA-5142 (Google Search) https://www.debian.org/security/2022/dsa-5142 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/ http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 https://gitlab.gnome.org/GNOME/libxslt/-/tags https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.