Test ID:	1.3.6.1.4.1.25623.1.0.882149
Category:	CentOS Local Security Checks
Title:	CentOS Update for libxml2 CESA-2015:0749 centos7
Summary:	Check the version of libxml2
Description:	Summary: Check the version of libxml2 Vulnerability Insight: The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. Affected Software/OS: libxml2 on CentOS 7 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0191 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html BugTraq ID: 67233 http://www.securityfocus.com/bid/67233 RedHat Security Advisories: RHSA-2015:0749 http://rhn.redhat.com/errata/RHSA-2015-0749.html SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html XForce ISS Database: libxml2-cve20140191-dos(93092) https://exchange.xforce.ibmcloud.com/vulnerabilities/93092
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.