Test ID:	1.3.6.1.4.1.25623.1.1.2.2023.1271
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1271)
Summary:	The remote host is missing an update for the Huawei EulerOS 'libxml2' package(s) announced via the EulerOS-SA-2023-1271 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'libxml2' package(s) announced via the EulerOS-SA-2023-1271 advisory. Vulnerability Insight: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.(CVE-2021-3517) There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.(CVE-2021-3518) valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.(CVE-2022-23308) A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.(CVE-2021-3537) This library allows to manipulate XML files. It includes supportto read, modify and write XML and HTML files. There is DTDs supportthis includes parsing and validation even with complex DtDs, eitherat parse time or later once the document has been modified. The outputcan be a simple SAX stream or an(CVE-2021-3541) There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability(CVE-2021-3516) Affected Software/OS: 'libxml2' package(s) on Huawei EulerOS Virtualization 3.0.2.2. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3516 https://security.netapp.com/advisory/ntap-20210716-0005/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ https://security.gentoo.org/glsa/202107-05 https://bugzilla.redhat.com/show_bug.cgi?id=1954225 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 https://www.oracle.com/security-alerts/cpujan2022.html https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3517 https://security.netapp.com/advisory/ntap-20210625-0002/ https://security.netapp.com/advisory/ntap-20211022-0004/ https://bugzilla.redhat.com/show_bug.cgi?id=1954232 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-3518 https://support.apple.com/kb/HT212601 https://support.apple.com/kb/HT212602 https://support.apple.com/kb/HT212604 https://support.apple.com/kb/HT212605 http://seclists.org/fulldisclosure/2021/Jul/54 http://seclists.org/fulldisclosure/2021/Jul/55 http://seclists.org/fulldisclosure/2021/Jul/58 http://seclists.org/fulldisclosure/2021/Jul/59 https://bugzilla.redhat.com/show_bug.cgi?id=1954242 Common Vulnerability Exposure (CVE) ID: CVE-2021-3537 https://bugzilla.redhat.com/show_bug.cgi?id=1956522 Common Vulnerability Exposure (CVE) ID: CVE-2021-3541 https://security.netapp.com/advisory/ntap-20210805-0007/ https://bugzilla.redhat.com/show_bug.cgi?id=1950515 Common Vulnerability Exposure (CVE) ID: CVE-2022-23308 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://security.netapp.com/advisory/ntap-20220331-0008/ https://support.apple.com/kb/HT213253 https://support.apple.com/kb/HT213254 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257 https://support.apple.com/kb/HT213258 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/ http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/38 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 https://security.gentoo.org/glsa/202210-03 https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.