Test ID:	1.3.6.1.4.1.25623.1.1.2.2019.2063
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-2063)
Summary:	The remote host is missing an update for the Huawei EulerOS 'expat' package(s) announced via the EulerOS-SA-2019-2063 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'expat' package(s) announced via the EulerOS-SA-2019-2063 advisory. Vulnerability Insight: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).(CVE-2018-20843) ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Affected Software/OS: 'expat' package(s) on Huawei EulerOS V2.0SP3. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1283 BugTraq ID: 75973 http://www.securityfocus.com/bid/75973 Debian Security Information: DSA-3315 (Google Search) http://www.debian.org/security/2015/dsa-3315 Debian Security Information: DSA-3318 (Google Search) http://www.debian.org/security/2015/dsa-3318 https://security.gentoo.org/glsa/201603-09 https://security.gentoo.org/glsa/201701-21 RedHat Security Advisories: RHSA-2015:1499 http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.securitytracker.com/id/1033031 SuSE Security Announcement: SUSE-SU-2016:1508 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html SuSE Security Announcement: SUSE-SU-2016:1512 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2015:1287 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html SuSE Security Announcement: openSUSE-SU-2016:1441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html SuSE Security Announcement: openSUSE-SU-2016:1523 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://www.ubuntu.com/usn/USN-2726-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4472 91528 http://www.securityfocus.com/bid/91528 GLSA-201701-21 USN-3013-1 http://www.ubuntu.com/usn/USN-3013-1 https://bugzilla.redhat.com/show_bug.cgi?id=1344251 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde https://www.tenable.com/security/tns-2016-20 Common Vulnerability Exposure (CVE) ID: CVE-2016-5300 BugTraq ID: 91159 http://www.securityfocus.com/bid/91159 Debian Security Information: DSA-3597 (Google Search) http://www.debian.org/security/2016/dsa-3597 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E http://www.openwall.com/lists/oss-security/2016/06/04/4 http://www.openwall.com/lists/oss-security/2016/06/04/5 http://www.ubuntu.com/usn/USN-3010-1 Common Vulnerability Exposure (CVE) ID: CVE-2018-20843 Bugtraq: 20190628 [SECURITY] [DSA 4472-1] expat security update (Google Search) https://seclists.org/bugtraq/2019/Jun/39 https://security.netapp.com/advisory/ntap-20190703-0001/ https://support.f5.com/csp/article/K51011533 https://www.tenable.com/security/tns-2021-11 Debian Security Information: DSA-4472 (Google Search) https://www.debian.org/security/2019/dsa-4472 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/ https://security.gentoo.org/glsa/201911-08 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html SuSE Security Announcement: openSUSE-SU-2019:1777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://usn.ubuntu.com/4040-1/ https://usn.ubuntu.com/4040-2/
Copyright	Copyright (C) 2020 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.