Test ID:	1.3.6.1.4.1.25623.1.1.4.2016.0030.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2016:0030-1)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2016:0030-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2016:0030-1 advisory. Vulnerability Insight: This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735] * CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018] * CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021] * CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260] * CVE-2015-5312 Fix another entity expansion issue [bnc#957105] * CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106] * CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107] * CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109] * CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110] Affected Software/OS: 'libxml2' package(s) on SUSE Linux Enterprise Desktop 11-SP3, SUSE Linux Enterprise Desktop 11-SP4, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP3, SUSE Linux Enterprise Server for SAP Applications 11-SP4. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1819 1034243 http://www.securitytracker.com/id/1034243 75570 http://www.securityfocus.com/bid/75570 APPLE-SA-2016-03-21-1 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html APPLE-SA-2016-03-21-2 http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html APPLE-SA-2016-03-21-3 http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html APPLE-SA-2016-03-21-5 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html DSA-3430 http://www.debian.org/security/2015/dsa-3430 FEDORA-2015-037f844d3e http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html FEDORA-2015-c24af963a2 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html GLSA-201507-08 https://security.gentoo.org/glsa/201507-08 GLSA-201701-37 https://security.gentoo.org/glsa/201701-37 RHSA-2015:1419 http://rhn.redhat.com/errata/RHSA-2015-1419.html RHSA-2015:2550 http://rhn.redhat.com/errata/RHSA-2015-2550.html USN-2812-1 http://www.ubuntu.com/usn/USN-2812-1 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://xmlsoft.org/news.html https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 https://support.apple.com/HT206169 openSUSE-SU-2015:2372 http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html openSUSE-SU-2016:0106 http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2015-5312 79536 http://www.securityfocus.com/bid/79536 HPSBGN03537 http://marc.info/?l=bugtraq&m=145382616617563&w=2 RHSA-2015:2549 http://rhn.redhat.com/errata/RHSA-2015-2549.html RHSA-2016:1089 http://rhn.redhat.com/errata/RHSA-2016-1089.html USN-2834-1 http://www.ubuntu.com/usn/USN-2834-1 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://bugzilla.redhat.com/show_bug.cgi?id=1276693 https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 Common Vulnerability Exposure (CVE) ID: CVE-2015-7497 79508 http://www.securityfocus.com/bid/79508 https://bugzilla.redhat.com/show_bug.cgi?id=1281862 https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 Common Vulnerability Exposure (CVE) ID: CVE-2015-7498 79548 http://www.securityfocus.com/bid/79548 https://bugzilla.redhat.com/show_bug.cgi?id=1281879 https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 Common Vulnerability Exposure (CVE) ID: CVE-2015-7499 79509 http://www.securityfocus.com/bid/79509 https://bugzilla.redhat.com/show_bug.cgi?id=1281925 https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da Common Vulnerability Exposure (CVE) ID: CVE-2015-7500 79562 http://www.securityfocus.com/bid/79562 https://bugzilla.redhat.com/show_bug.cgi?id=1281943 https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f Common Vulnerability Exposure (CVE) ID: CVE-2015-7941 BugTraq ID: 74241 http://www.securityfocus.com/bid/74241 Debian Security Information: DSA-3430 (Google Search) http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html HPdes Security Advisory: HPSBGN03537 http://www.openwall.com/lists/oss-security/2015/10/22/5 http://www.openwall.com/lists/oss-security/2015/10/22/8 RedHat Security Advisories: RHSA-2015:2549 RedHat Security Advisories: RHSA-2015:2550 RedHat Security Advisories: RHSA-2016:1089 SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search) SuSE Security Announcement: openSUSE-SU-2016:0106 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2015-7942 BugTraq ID: 79507 http://www.securityfocus.com/bid/79507 Common Vulnerability Exposure (CVE) ID: CVE-2015-8241 BugTraq ID: 77621 http://www.securityfocus.com/bid/77621 http://www.openwall.com/lists/oss-security/2015/11/17/5 http://www.openwall.com/lists/oss-security/2015/11/18/23 Common Vulnerability Exposure (CVE) ID: CVE-2015-8242 BugTraq ID: 77681 http://www.securityfocus.com/bid/77681 Common Vulnerability Exposure (CVE) ID: CVE-2015-8317 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html BugTraq ID: 91826 http://www.securityfocus.com/bid/91826 https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html http://www.openwall.com/lists/oss-security/2015/11/21/1 http://www.openwall.com/lists/oss-security/2015/11/22/3
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.