Test ID:	1.3.6.1.4.1.25623.1.1.4.2013.1625.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2013:1625-1)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2013:1625-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2013:1625-1 advisory. Vulnerability Insight: This is a LTSS rollup update for the libxml2 library that fixes various security issues. * CVE-2013-2877: parser.c in libxml2 allowed remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. * CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka 'internal entity expansion' with linear complexity. * CVE-2012-5134: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. * CVE-2012-2807: Multiple integer overflows in libxml2 on 64-bit Linux platforms allowed remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. * CVE-2011-3102: Off-by-one error in libxml2 allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. * CVE-2012-0841: libxml2 computed hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. * CVE-2011-3919: A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. Security Issue references: * CVE-2013-0338 > * CVE-2013-0339 > * CVE-2012-5134 > * CVE-2012-2807 > * CVE-2011-3102 > * CVE-2012-0841 > * CVE-2011-3919 > * CVE-2013-2877 > Affected Software/OS: 'libxml2' package(s) on SUSE Linux Enterprise Server 10-SP3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3102 http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html BugTraq ID: 53540 http://www.securityfocus.com/bid/53540 Debian Security Information: DSA-2479 (Google Search) http://www.debian.org/security/2012/dsa-2479 http://www.mandriva.com/security/advisories?name=MDVSA-2012:098 http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 RedHat Security Advisories: RHSA-2013:0217 http://rhn.redhat.com/errata/RHSA-2013-0217.html http://www.securitytracker.com/id?1027067 http://secunia.com/advisories/49243 http://secunia.com/advisories/50658 http://secunia.com/advisories/54886 http://secunia.com/advisories/55568 SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html SuSE Security Announcement: openSUSE-SU-2012:0656 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html SuSE Security Announcement: openSUSE-SU-2012:0731 (Google Search) https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html XForce ISS Database: google-chrome-libxml-code-exec(75607) https://exchange.xforce.ibmcloud.com/vulnerabilities/75607 Common Vulnerability Exposure (CVE) ID: CVE-2011-3919 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html BugTraq ID: 51300 http://www.securityfocus.com/bid/51300 Debian Security Information: DSA-2394 (Google Search) http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name=MDVSA-2012:005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504 http://www.securitytracker.com/id?1026487 http://secunia.com/advisories/47449 Common Vulnerability Exposure (CVE) ID: CVE-2012-0841 1026723 http://securitytracker.com/id?1026723 52107 http://www.securityfocus.com/bid/52107 54886 55568 APPLE-SA-2013-09-18-2 APPLE-SA-2013-10-22-8 DSA-2417 http://www.debian.org/security/2012/dsa-2417 MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 RHSA-2012:0324 http://rhn.redhat.com/errata/RHSA-2012-0324.html RHSA-2013:0217 SUSE-SU-2013:1627 [oss-security] 20120222 libxml2: hash table collisions CPU usage DoS http://www.openwall.com/lists/oss-security/2012/02/22/1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf http://xmlsoft.org/news.html https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of Common Vulnerability Exposure (CVE) ID: CVE-2012-2807 BugTraq ID: 54718 http://www.securityfocus.com/bid/54718 Debian Security Information: DSA-2521 (Google Search) http://www.debian.org/security/2012/dsa-2521 http://www.mandriva.com/security/advisories?name=MDVSA-2012:126 http://secunia.com/advisories/50800 SuSE Security Announcement: openSUSE-SU-2012:0813 (Google Search) https://hermes.opensuse.org/messages/15075728 SuSE Security Announcement: openSUSE-SU-2012:0975 (Google Search) https://hermes.opensuse.org/messages/15375990 http://www.ubuntu.com/usn/USN-1587-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-5134 BugTraq ID: 56684 http://www.securityfocus.com/bid/56684 Debian Security Information: DSA-2580 (Google Search) http://www.debian.org/security/2012/dsa-2580 RedHat Security Advisories: RHSA-2012:1512 http://rhn.redhat.com/errata/RHSA-2012-1512.html http://www.securitytracker.com/id?1027815 http://secunia.com/advisories/51448 SuSE Security Announcement: openSUSE-SU-2012:1637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html SuSE Security Announcement: openSUSE-SU-2013:0178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html http://www.ubuntu.com/usn/USN-1656-1 XForce ISS Database: google-libxml-buffer-underflow(80294) https://exchange.xforce.ibmcloud.com/vulnerabilities/80294 Common Vulnerability Exposure (CVE) ID: CVE-2013-0338 52662 http://secunia.com/advisories/52662 DSA-2652 http://www.debian.org/security/2013/dsa-2652 HPSBGN03302 http://marc.info/?l=bugtraq&m=142798889927587&w=2 MDVSA-2013:056 SSRT101996 USN-1782-1 http://www.ubuntu.com/usn/USN-1782-1 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://bugzilla.redhat.com/show_bug.cgi?id=912400 https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab openSUSE-SU-2013:0552 http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html openSUSE-SU-2013:0555 http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0339 54172 http://secunia.com/advisories/54172 USN-1904-1 http://www.ubuntu.com/usn/USN-1904-1 USN-1904-2 http://www.ubuntu.com/usn/USN-1904-2 [oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS http://openwall.com/lists/oss-security/2013/02/21/24 [oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion http://openwall.com/lists/oss-security/2013/02/22/3 [oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments http://www.openwall.com/lists/oss-security/2013/04/12/6 [oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue http://seclists.org/oss-sec/2013/q4/182 [oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue http://seclists.org/oss-sec/2013/q4/184 http://seclists.org/oss-sec/2013/q4/188 https://bugzilla.redhat.com/show_bug.cgi?id=915149 https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f Common Vulnerability Exposure (CVE) ID: CVE-2013-2877 BugTraq ID: 61050 http://www.securityfocus.com/bid/61050 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Debian Security Information: DSA-2724 (Google Search) http://www.debian.org/security/2013/dsa-2724 Debian Security Information: DSA-2779 (Google Search) http://www.debian.org/security/2013/dsa-2779 http://seclists.org/fulldisclosure/2014/Dec/23 SuSE Security Announcement: openSUSE-SU-2013:1221 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html SuSE Security Announcement: openSUSE-SU-2013:1246 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.