
Test ID: 1.3.6.1.4.1.25623.1.0.851340
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for libxml2 (openSUSE-SU-2016:1594-1)
Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'libxml2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update brings libxml2 to version 2.9.4.

These security issues were fixed:

- CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in
recovery mode, allowed context-dependent attackers to cause a denial of
service (infinite recursion, stack consumption, and application crash)
via a crafted XML document (bsc#972335).

- CVE-2016-1833: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1834, CVE-2016-1836,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981108).

- CVE-2016-1835: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document (bsc#981109).

- CVE-2016-1837: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981111).

- CVE-2016-1836: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, and CVE-2016-1840
(bsc#981110).

- CVE-2016-1839: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1840
(bsc#981114).

- CVE-2016-1838: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1839, and CVE-2016-1840
(bsc#981112).

- CVE-2016-1840: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1834,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, and CVE-2016-1839
(bsc#981115).

- CVE-2016-4483: out-of-bounds read parsing an XML using recover mode
(bnc#978395).

- CVE-2016-1834: libxml2 allowed remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via a crafted XML
document, a different vulnerability than CVE-2016-1833, CVE-2016-1836,
...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
libxml2 on openSUSE 13.2

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-1762
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
BugTraq ID: 85059
http://www.securityfocus.com/bid/85059
Debian Security Information: DSA-3593
https://www.debian.org/security/2016/dsa-3593
RedHat Security Advisories: RHSA-2016:1292
https://access.redhat.com/errata/RHSA-2016:1292
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.securitytracker.com/id/1035353
http://www.ubuntu.com/usn/USN-2994-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1833
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
BugTraq ID: 90691
http://www.securityfocus.com/bid/90691
https://bugs.chromium.org/p/project-zero/issues/detail?id=636
http://www.securitytracker.com/id/1035890
Common Vulnerability Exposure (CVE) ID: CVE-2016-1834
Common Vulnerability Exposure (CVE) ID: CVE-2016-1835
BugTraq ID: 90696
http://www.securityfocus.com/bid/90696
Common Vulnerability Exposure (CVE) ID: CVE-2016-1836
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
https://security.gentoo.org/glsa/201701-37
Common Vulnerability Exposure (CVE) ID: CVE-2016-1837
Common Vulnerability Exposure (CVE) ID: CVE-2016-1838
https://bugs.chromium.org/p/project-zero/issues/detail?id=639
Common Vulnerability Exposure (CVE) ID: CVE-2016-1839
http://www.securitytracker.com/id/1038623
Common Vulnerability Exposure (CVE) ID: CVE-2016-1840
Common Vulnerability Exposure (CVE) ID: CVE-2016-3627
BugTraq ID: 84992
http://www.securityfocus.com/bid/84992
http://seclists.org/fulldisclosure/2016/May/10
http://www.openwall.com/lists/oss-security/2016/03/21/2
http://www.openwall.com/lists/oss-security/2016/03/21/3
http://www.securitytracker.com/id/1035335
SuSE Security Announcement: openSUSE-SU-2016:1298
http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html
SuSE Security Announcement: openSUSE-SU-2016:1446
http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-3705
20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)
89854
http://www.securityfocus.com/bid/89854
DSA-3593
GLSA-201701-37
RHSA-2016:1292
RHSA-2016:2957
USN-2994-1
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.gnome.org/show_bug.cgi?id=765207
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
https://www.tenable.com/security/tns-2016-18
openSUSE-SU-2016:1298
openSUSE-SU-2016:1446
Common Vulnerability Exposure (CVE) ID: CVE-2016-4483
BugTraq ID: 90013
http://www.securityfocus.com/bid/90013
http://www.debian.org/security/2016/dsa-3593
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
http://www.openwall.com/lists/oss-security/2016/05/03/8
http://www.openwall.com/lists/oss-security/2016/05/04/7
http://www.openwall.com/lists/oss-security/2016/06/07/4
http://www.openwall.com/lists/oss-security/2016/06/07/5
http://www.securitytracker.com/id/1036348
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.