Vulnerabilities > CVE-2011-2821 - Double Free vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_4.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7. last seen 2020-06-01 modified 2020-06-02 plugin id 59066 published 2012-05-10 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59066 title Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); # Avoid problems with large number of xrefs. include("compat.inc"); if (description) { script_id(59066); script_version("1.27"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_cve_id( "CVE-2011-1004", "CVE-2011-1005", "CVE-2011-1777", "CVE-2011-1778", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-2895", "CVE-2011-3212", "CVE-2011-3389", "CVE-2011-3919", "CVE-2011-4566", "CVE-2011-4815", "CVE-2011-4885", "CVE-2012-0036", "CVE-2012-0642", "CVE-2012-0649", "CVE-2012-0652", "CVE-2012-0654", "CVE-2012-0655", "CVE-2012-0656", "CVE-2012-0657", "CVE-2012-0658", "CVE-2012-0659", "CVE-2012-0660", "CVE-2012-0661", "CVE-2012-0662", "CVE-2012-0675", "CVE-2012-0830" ); script_bugtraq_id( 46458, 46460, 47737, 48056, 49124, 49279, 49658, 49778, 50907, 51193, 51198, 51300, 51665, 51830, 52364, 53456, 53457, 53459, 53462, 53465, 53466, 53467, 53468, 53469, 53470, 53471, 53473 ); script_xref(name:"TRA", value:"TRA-2012-02"); script_xref(name:"CERT", value:"864643"); script_xref(name:"ZDI", value:"ZDI-12-135"); script_name(english:"Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)"); script_summary(english:"Check the version of Mac OS X."); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes several security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.4. The newer version contains numerous security-related fixes for the following components : - Login Window - Bluetooth - curl - HFS - Kernel - libarchive - libsecurity - libxml - LoginUIFramework - PHP - Quartz Composer - QuickTime - Ruby - Security Framework - Time Machine - X11 Note that this update addresses the recent FileVault password vulnerability, in which user passwords are stored in plaintext to a system-wide debug log if the legacy version of FileVault is used to encrypt user directories after a system upgrade to Lion. Since the patch only limits further exposure, though, we recommend that all users on the system change their passwords if user folders were encrypted using the legacy version of FileVault prior to and after an upgrade to OS X 10.7." ); script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2012-02"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT5281"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"); script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-12-135"); script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2012/Aug/64"); script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt"); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.7.4 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/10"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"in_the_news", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing."); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (ereg(pattern:"Mac OS X 10\.7($|\.[0-3]([^0-9]|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1749.NASL description Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. This update also fixes the following bugs : * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. (BZ#732335) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 57022 published 2011-12-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57022 title RHEL 6 : libxml2 (RHSA-2011:1749) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:1749. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(57022); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:16"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834"); script_bugtraq_id(44779, 45617, 48056, 48832, 49279, 49658); script_xref(name:"RHSA", value:"2011:1749"); script_name(english:"RHEL 6 : libxml2 (RHSA-2011:1749)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. This update also fixes the following bugs : * A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. (BZ#732335) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4008" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-0216" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1944" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2821" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2834" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:1749" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2011:1749"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"libxml2-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"libxml2-debuginfo-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"libxml2-devel-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-python-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-python-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-python-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libxml2-static-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libxml2-static-2.7.6-4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libxml2-static-2.7.6-4.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc"); } }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64391 published 2013-02-01 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64391 title RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0217. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64391); script_version("1.27"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-5134"); script_xref(name:"RHSA", value:"2013:0217"); script_name(english:"RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0217" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-0216" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4008" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1944" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2834" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2821" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-4494" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3919" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3905" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-3102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5134" ); script_set_attribute( attribute:"solution", value: "Update the affected mingw32-libxml2, mingw32-libxml2-debuginfo and / or mingw32-libxml2-static packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-libxml2-static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0217"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-debuginfo-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"RHEL6", reference:"mingw32-libxml2-static-2.7.6-6.el6_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libxml2 / mingw32-libxml2-debuginfo / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBXML2-111201.NASL description Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834). last seen 2020-06-01 modified 2020-06-02 plugin id 75635 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75635 title openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libxml2-5488. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75635); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:41"); script_cve_id("CVE-2011-2821", "CVE-2011-2834"); script_name(english:"openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)"); script_summary(english:"Check for the libxml2-5488 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732787" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-01/msg00026.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"libxml2-2.7.7-4.9.1") ) flag++; if ( rpm_check(release:"SUSE11.3", reference:"libxml2-devel-2.7.7-4.9.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libxml2-32bit-2.7.7-4.9.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libxml2-devel-32bit-2.7.7-4.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-32bit / libxml2-devel / libxml2-devel-32bit"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20130131_MINGW32_LIBXML2_ON_SL6_X.NASL description IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) last seen 2020-03-18 modified 2013-02-04 plugin id 64425 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64425 title Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(64425); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-5134"); script_name(english:"Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=333 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bf695f37" ); script_set_attribute( attribute:"solution", value: "Update the affected mingw32-libxml2, mingw32-libxml2-debuginfo and / or mingw32-libxml2-static packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mingw32-libxml2-static"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-debuginfo-2.7.6-6.el6_3")) flag++; if (rpm_check(release:"SL6", cpu:"x86_64", reference:"mingw32-libxml2-static-2.7.6-6.el6_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw32-libxml2 / mingw32-libxml2-debuginfo / etc"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_6887828F022911E0B84D00262D5ED8EE.NASL description Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken last seen 2020-06-01 modified 2020-06-02 plugin id 51069 published 2010-12-08 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51069 title FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2015 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(51069); script_version("1.33"); script_cvs_date("Date: 2019/10/16 10:34:21"); script_cve_id("CVE-2011-1290", "CVE-2011-1291", "CVE-2011-1292", "CVE-2011-1293", "CVE-2011-1294", "CVE-2011-1295", "CVE-2011-1296", "CVE-2011-1301", "CVE-2011-1302", "CVE-2011-1303", "CVE-2011-1304", "CVE-2011-1305", "CVE-2011-1434", "CVE-2011-1435", "CVE-2011-1436", "CVE-2011-1437", "CVE-2011-1438", "CVE-2011-1439", "CVE-2011-1440", "CVE-2011-1441", "CVE-2011-1442", "CVE-2011-1443", "CVE-2011-1444", "CVE-2011-1445", "CVE-2011-1446", "CVE-2011-1447", "CVE-2011-1448", "CVE-2011-1449", "CVE-2011-1450", "CVE-2011-1451", "CVE-2011-1452", "CVE-2011-1454", "CVE-2011-1455", "CVE-2011-1456", "CVE-2011-1799", "CVE-2011-1800", "CVE-2011-1801", "CVE-2011-1804", "CVE-2011-1806", "CVE-2011-1807", "CVE-2011-1808", "CVE-2011-1809", "CVE-2011-1810", "CVE-2011-1811", "CVE-2011-1812", "CVE-2011-1813", "CVE-2011-1814", "CVE-2011-1815", "CVE-2011-1816", "CVE-2011-1817", "CVE-2011-1818", "CVE-2011-1819", "CVE-2011-2332", "CVE-2011-2342", "CVE-2011-2345", "CVE-2011-2346", "CVE-2011-2347", "CVE-2011-2348", "CVE-2011-2349", "CVE-2011-2350", "CVE-2011-2351", "CVE-2011-2358", "CVE-2011-2359", "CVE-2011-2360", "CVE-2011-2361", "CVE-2011-2782", "CVE-2011-2783", "CVE-2011-2784", "CVE-2011-2785", "CVE-2011-2786", "CVE-2011-2787", "CVE-2011-2788", "CVE-2011-2789", "CVE-2011-2790", "CVE-2011-2791", "CVE-2011-2792", "CVE-2011-2793", "CVE-2011-2794", "CVE-2011-2795", "CVE-2011-2796", "CVE-2011-2797", "CVE-2011-2798", "CVE-2011-2799", "CVE-2011-2800", "CVE-2011-2801", "CVE-2011-2802", "CVE-2011-2803", "CVE-2011-2804", "CVE-2011-2805", "CVE-2011-2818", "CVE-2011-2819", "CVE-2011-2821", "CVE-2011-2823", "CVE-2011-2824", "CVE-2011-2825", "CVE-2011-2826", "CVE-2011-2827", "CVE-2011-2828", "CVE-2011-2829", "CVE-2011-2834", "CVE-2011-2835", "CVE-2011-2836", "CVE-2011-2837", "CVE-2011-2838", "CVE-2011-2839", "CVE-2011-2840", "CVE-2011-2841", "CVE-2011-2842", "CVE-2011-2843", "CVE-2011-2844", "CVE-2011-2845", "CVE-2011-2846", "CVE-2011-2847", "CVE-2011-2848", "CVE-2011-2849", "CVE-2011-2850", "CVE-2011-2851", "CVE-2011-2852", "CVE-2011-2853", "CVE-2011-2854", "CVE-2011-2855", "CVE-2011-2856", "CVE-2011-2857", "CVE-2011-2858", "CVE-2011-2859", "CVE-2011-2860", "CVE-2011-2861", "CVE-2011-2862", "CVE-2011-2864", "CVE-2011-2874", "CVE-2011-2875", "CVE-2011-2876", "CVE-2011-2877", "CVE-2011-2878", "CVE-2011-2879", "CVE-2011-2880", "CVE-2011-2881", "CVE-2011-3234", "CVE-2011-3873", "CVE-2011-3875", "CVE-2011-3876", "CVE-2011-3877", "CVE-2011-3878", "CVE-2011-3879", "CVE-2011-3880", "CVE-2011-3881", "CVE-2011-3882", "CVE-2011-3883", "CVE-2011-3884", "CVE-2011-3885", "CVE-2011-3886", "CVE-2011-3887", "CVE-2011-3888", "CVE-2011-3889", "CVE-2011-3890", "CVE-2011-3891", "CVE-2011-3892", "CVE-2011-3893", "CVE-2011-3894", "CVE-2011-3895", "CVE-2011-3896", "CVE-2011-3897", "CVE-2011-3898", "CVE-2011-3900"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : Fixed in 15.0.874.121 : [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120 : [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken 'strcpy' Russell of the Chromium development community. [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans). Fixed in 15.0.874.102 : [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel. [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel. [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak. [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen. [94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa. [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company. [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881 : Cross-origin policy violations. Credit to Sergey Glazunov. [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno). [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz. [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community. [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885 : Stale style bugs leading to use-after-free. Credit to miaubiz. [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler. [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz. [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean. Fixed in 14.0.835.202 : [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz. [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz. [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov. [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno). [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov. [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov. [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community. Fixed in 14.0.835.163 : [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community. [51464] Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar. [Linux only] [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team. [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community. [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc. [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes. [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community. [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes. [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz. [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler. [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Slawomir Blazek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean. [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard 'Bruhns' Brehm of Recurity Labs. [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG. [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno). [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno). [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid). High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler. Fixed in 13.0.782.215 : [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [82552] High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz. [88216] High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz. [88670] High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz. [87453] High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov. [90668] High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz. [91517] High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined). [32-bit only] [91598] High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. [Linux only] [91665] High CVE-2011-2839: Buggy memset() in PDF. Credit to Aki Helin of OUSPG. Fixed in 13.0.782.107 : [75821] Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov. [78841] High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella. [79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc. [79426] Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc. [Linux only] [81307] Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community. [83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov. [83841] Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc. [84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc. [84600] Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla. [84805] Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc. [85559] Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikolaj Malecki. [85808] Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc. [86502] High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz. [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. [87148] High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz. [87227] High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz. [87298] Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz. [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long. [87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. [87729] High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz. [87815] Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team. [87925] High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz. [88337] Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen. [88591] High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler. [88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno). [88846] High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz. [88889] High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella. [89142] High CVE-2011-2804: PDF crash with nested functions. Credit to Aki Helin of OUSPG. [89520] High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov. [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov. Fixed in 12.0.742.112 : [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau. [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz. [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz. [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz. [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG. [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz. [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz. Fixed in 12.0.742.91 : [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz. [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined). [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research (MSVR). [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to 'DimitrisV22'. [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc. [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno). [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community. [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc. [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc. [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne. [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz. [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov. [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov. [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov. Fixed in 11.0.696.71 : [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva. [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella. [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar). [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. Fixed in 11.0.696.68 : [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined). [80608] High CVE-2011-1800: Integer overflows in SVG filters. Credit to Google Chrome Security Team (Cris Neckar). Fixed in 11.0.696.57 : [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella. [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva. [Linux / Mac only] [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community. [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin. [72523] Medium CVE-2011-1435: Bad extension with 'tabs' permission can capture local files. Credit to Cole Snodgrass. [Linux only] [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz. [73526] High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz. [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc. [Linux only] [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team. [75186] High CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez. [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths. [75801] High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509. [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella. [Linux only] [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg. Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509. [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc. [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz. [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509. [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski. Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc. [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov. [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel. [79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov. [79361] Medium CVE-2011-1455: Out-of-bounds read with multipart-encoded PDF. Credit to Eric Roman of the Chromium development community. [79364] High CVE-2011-1456: Stale pointers with PDF forms. Credit to Eric Roman of the Chromium development community. Fixed in 10.0.648.205 : [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno). [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl. Fixed in 10.0.648.204 : [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin. [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Slawomir Blazek. [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov. [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov. [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov. [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov. Fixed in 10.0.648.133 : [75712] High Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI. Fixed in 10.0.648.127 : [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team. [Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang. [Linux only] [66962] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG. [69187] Medium Cross-origin error message leak. Credit to Daniel Divricean. [69628] High Memory corruption with counter nodes. Credit to Martin Barbella. [70027] High Stale node in box layout. Credit to Martin Barbella. [70336] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean. [70442] High Use after free with DOM URL handling. Credit to Sergey Glazunov. [Linux only] [70779] Medium Out of bounds read handling unicode ranges. Credit to miaubiz. [70877] High Same origin policy bypass in v8. Credit to Daniel Divricean. [70885] [71167] Low Pop-up blocker bypasses. Credit to Chamal de Silva. [71763] High Use-after-free in document script lifetime handling. Credit to miaubiz. [71788] High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR. [72028] High Stale pointer in table painting. Credit to Martin Barbella. [73026] High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team. [73066] High Crash with the DataView object. Credit to Sergey Glazunov. [73134] High Bad cast in text rendering. Credit to miaubiz. [73196] High Stale pointer in WebKit context code. Credit to Sergey Glazunov. [73716] Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans). [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov. [74030] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov. [74662] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler. [74675] High Invalid memory access in v8. Credit to Christian Holler. Fixed in 9.0.597.107 : [54262] High URL bar spoof. Credit to Jordi Chancel. [63732] High Crash with JavaScript dialogs. Credit to Sergey Radchenko. [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov. [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov. [70078] High Crash with forms controls. Credit to Stefan van Zanden. [70244] High Crash in SVG rendering. Credit to Slawomir Blazek. [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. [71114] High Stale node in table handling. Credit to Martin Barbella. [71115] High Stale pointer in table rendering. Credit to Martin Barbella. [71296] High Stale pointer in SVG animations. Credit to miaubiz. [71386] High Stale nodes in XHTML. Credit to wushi of team509. [71388] High Crash in textarea handling. Credit to wushi of team509. [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov. [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz. [71855] High Integer overflow in textarea handling. Credit to miaubiz. [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team. [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva. [73235] High Stale pointer in layout. Credit to Martin Barbella. Fixed in 9.0.597.94 : [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier. [68120] High Use-after-free in SVG font faces. Credit to miaubiz. [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella. [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google. [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC. Fixed in 9.0.597.84 : [Mac only] [42989] Low Minor sandbox leak via stat(). Credit to Daniel Cheng of the Chromium development community. [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG. [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom). [62791] Low Browser crash with extension with missing key. Credit to Brian Kirchoff. [64051] High Crashing when printing in PDF event handler. Credit to Aki Helin of OUSPG. [65669] Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno). [Mac only] [66931] Low Work around a crash in the Mac OS 10.5 SSL libraries. Credit to Dan Morrison. [68244] Low Browser crash with bad volume setting. Credit to Matthew Heidermann. [69195] Critical Race condition in audio handling. Credit to the gamers of Reddit! Fixed in 8.0.552.237 : [58053] Medium Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community. [65764] High Bad pointer handling in node iteration. Credit to Sergey Glazunov. [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans). [66560] High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. [66748] High Stale pointer with CSS + cursors. Credit to Jan Tosovsk. [67100] High Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans). [67208] High Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT. [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT. [67363] High Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz. [67393] Medium Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc. [68115] High Vorbis decoder buffer overflows. Credit to David Warren of CERT. [68170] High Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG. [68178] High Bad cast in anchor handling. Credit to Sergey Glazunov. [68181] High Bad cast in video handling. Credit to Sergey Glazunov. [68439] High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined). [68666] Critical Stale pointer in speech handling. Credit to Sergey Glazunov. Fixed in 8.0.552.224 : [64-bit Linux only] [56449] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community. [60761] Medium Bad extension can cause browser crash in tab handling. Credit to kuzzcc. [63529] Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google. [63866] Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf. [64959] High Stale pointers in cursor handling. Credit to Slawomir Blazek and Sergey Glazunov. Fixed in 8.0.552.215 : [17655] Low Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined). [55745] Medium Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). [56237] Low Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno). [58319] Low Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl). [59554] High Use after free in history handling. Credit to Stefan Troger. [Linux / Mac] [59817] Medium Make sure the 'dangerous file types' list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. [61701] Low Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel. [61653] Medium Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR). [62127] High Crash due to bad indexing with malformed video. Credit to miaubiz. [62168] Medium Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc. [62401] High Use after free with SVG animations. Credit to Slawomir Blazek. [63051] Medium Use after free in mouse dragging event handling. Credit to kuzzcc. [63444] High Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. Fixed in 7.0.517.44 : [51602] High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar). [55257] High Memory corruption with enormous text area. Credit to wushi of team509. [58657] High Bad cast with the SVG use element. Credit to the kuzzcc. [58731] High Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com). [58741] High Use-after-free in text control selections. Credit to 'vkouchna'. [Linux only] [59320] High Integer overflows in font handling. Credit to Aki Helin of OUSPG. [60055] High Memory corruption in libvpx. Credit to Christoph Diehl. [60238] High Bad use of destroyed frame object. Credit to various developers, including 'gundlach'. [60327] [60769] [61255] High Type confusions with event objects. Credit to 'fam.lam' and Google Chrome Security Team (Inferno). [60688] High Out-of-bounds array access in SVG handling. Credit to wushi of team509. Fixed in 7.0.517.43 : [48225] [51727] Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). [48857] High Crash with forms. Credit to the Chromium development community. [50428] Critical Browser crash with form autofill. Credit to the Chromium development community. [51680] High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. [53002] Low Pop-up block bypass. Credit to kuzzcc. [53985] Medium Crash on shutdown with Web Sockets. Credit to the Chromium development community. [Linux only] [54132] Low Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research. [54500] High Possible memory corruption with animated GIF. Credit to Simon Schaak. [Linux only] [54794] High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). [56451] High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team." ); # http://googlechromereleases.blogspot.com/search/label/Stable%20updates script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?29fa020e" ); # http://www.freebsd.org/ports/portaudit/6887828f-0229-11e0-b84d-00262d5ed8ee.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?68c666ce" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2010/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<15.0.874.121")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Scientific Linux Local Security Checks NASL id SL_20111206_LIBXML2_ON_SL6_X.NASL description The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Scientific Linux generally does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. This update also fixes the following bugs : - A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 61192 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61192 title Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61192); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2010-4008", "CVE-2010-4494", "CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834"); script_name(english:"Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Scientific Linux generally does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. This update also fixes the following bugs : - A number of patches have been applied to harden the XPath processing code in libxml2, such as fixing memory leaks, rounding errors, XPath numbers evaluations, and a potential error in encoding conversion. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=1201 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e42d834" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"libxml2-2.7.6-4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-debuginfo-2.7.6-4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-devel-2.7.6-4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-python-2.7.6-4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libxml2-static-2.7.6-4.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2012-13824.NASL description lot of security bug fixes Lots of security patches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-27 plugin id 62324 published 2012-09-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62324 title Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-13824. # include("compat.inc"); if (description) { script_id(62324); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-0216", "CVE-2011-1944", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841", "CVE-2012-2807"); script_bugtraq_id(48056, 48832, 49279, 49658, 51084, 51300, 52107, 53540, 54718); script_xref(name:"FEDORA", value:"2012-13824"); script_name(english:"Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "lot of security bug fixes Lots of security patches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=709750" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=735715" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=755813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=772122" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=795698" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=822171" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843743" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/088388.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?454537c5" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libxml2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"libxml2-2.7.8-8.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_4_LIBXML2-111201.NASL description Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834). last seen 2020-06-01 modified 2020-06-02 plugin id 75936 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75936 title openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libxml2-5488. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75936); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:42"); script_cve_id("CVE-2011-2821", "CVE-2011-2834"); script_name(english:"openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)"); script_summary(english:"Check for the libxml2-5488 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specially crafted XPath expressions could allow attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821,CVE-2011-2834)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732787" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-01/msg00026.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"libxml2-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libxml2-debuginfo-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libxml2-debugsource-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libxml2-devel-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libxml2-32bit-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libxml2-debuginfo-32bit-2.7.8-16.19.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libxml2-devel-32bit-2.7.8-16.19.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-32bit / libxml2-devel / libxml2-devel-32bit / etc"); }
NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBXML2_20121120.NASL description The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. (CVE-2011-0216) - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. (CVE-2011-2821) - Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. (CVE-2011-2834) - Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. (CVE-2011-3102) - libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3905) - Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2011-3919) - libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. (CVE-2012-0841) last seen 2020-06-01 modified 2020-06-02 plugin id 80688 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80688 title Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80688); script_version("1.5"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2011-0216", "CVE-2011-2821", "CVE-2011-2834", "CVE-2011-3102", "CVE-2011-3905", "CVE-2011-3919", "CVE-2012-0841"); script_name(english:"Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. (CVE-2011-0216) - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. (CVE-2011-2821) - Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. (CVE-2011-2834) - Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. (CVE-2011-3102) - libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3905) - Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2011-3919) - libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. (CVE-2012-0841)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2011-0216-denial-of-service-dos-vulnerability-in-libxml2" ); # https://blogs.oracle.com/sunsecurity/cve-2011-3102-numeric-errors-vulnerability-in-libxml2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?22b5c925" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2012-0841-denial-of-service-dos-vulnerability-in-libxml2" ); # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-libxml2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?54a8db0e" ); # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-libxml2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?54a8db0e" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 10.5."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libxml2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^libxml2$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.10.0.5.0", sru:"SRU 10.5a") > 0) flag++; if (flag) { error_extra = 'Affected package : libxml2\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libxml2");
NASL family Web Servers NASL id HPSMH_7_1_1_1.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 59851 published 2012-07-05 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59851 title HP System Management Homepage < 7.1.1 Multiple Vulnerabilities NASL family Gain a shell remotely NASL id APPLETV_5_1.NASL description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 62357 published 2012-09-27 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62357 title Apple TV < 5.1 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2394.NASL description Many security problems have been fixed in libxml2, a popular library to handle XML data files. - CVE-2011-3919 : Juri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - CVE-2011-0216 : An Off-by-one error have been discovered that allows remote attackers to execute arbitrary code or cause a denial of service. - CVE-2011-2821 : A memory corruption (double free) bug has been identified in libxml2 last seen 2020-03-17 modified 2012-01-27 plugin id 57702 published 2012-01-27 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57702 title Debian DSA-2394-1 : libxml2 - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1334-1.NASL description It was discovered that libxml2 contained an off by one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0216) It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. (CVE-2011-2821, CVE-2011-2834) It was discovered that libxml2 did not properly detect end of file when parsing certain XML documents. An attacker could exploit this to crash applications linked against libxml2. (CVE-2011-3905) It was discovered that libxml2 did not properly decode entity references with long names. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3919). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57615 published 2012-01-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57615 title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1) NASL family Windows NASL id GOOGLE_CHROME_13_0_782_215.NASL description The version of Google Chrome installed on the remote host is earlier than 13.0.782.215 and is potentially affected by several vulnerabilities: - An unspecified error related to command line URL parsing exists. (Issue #72492) - Use-after-free errors related to line box handling, counter nodes, custom fonts, and text searching. (Issue #82552, #88216, #88670, #90668) - A double-free error related to libxml XPath handling exists. (Issue #89402) - An error related to empty origins exists that can allow cross-domain violation. (Issue #87453) - A memory corruption error exists related to vertex handling. (Issue #89836) - An out-of-bounds write error exists in the v8 JavaScript engine. (Issue #91517) - An integer overrun error exists in the handling of uniform arrays. (Issue #91598) last seen 2020-06-01 modified 2020-06-02 plugin id 55959 published 2011-08-23 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55959 title Google Chrome < 13.0.782.215 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-13820.NASL description Lot of security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-27 plugin id 62323 published 2012-09-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62323 title Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-26.NASL description The remote host is affected by the vulnerability described in GLSA-201110-26 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A local or remote attacker may be able to execute arbitrary code with the privileges of the application or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56660 published 2011-10-27 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56660 title GLSA-201110-26 : libxml2: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXML2-111201.NASL description Specially crafted XPath expressions could have allowed attackers to cause a denial of service or possibly have unspecified other impact (CVE-2011-2821 / CVE-2011-2834). This has been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 57531 published 2012-01-13 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57531 title SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5489) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-145.NASL description Double free vulnerabilities in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling (CVE-2011-2821, CVE-2011-2834). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 56429 published 2011-10-10 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56429 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:145) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-002.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework last seen 2020-06-01 modified 2020-06-02 plugin id 59067 published 2012-05-10 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59067 title Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0217.NASL description From Red Hat Security Advisory 2013:0217 : Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 68721 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68721 title Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64384 published 2013-02-01 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64384 title CentOS 6 : mingw32-libxml2 (CESA-2013:0217) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0012.NASL description a. ESXi update to third-party component libxml2 The libxml2 third-party library has been updated which addresses multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 59966 published 2012-07-13 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59966 title VMSA-2012-0012 : VMware ESXi update to third-party library
Oval
accepted | 2014-04-07T04:00:28.505-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:13840 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2011-11-25T18:21:13.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 52 |
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:145
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
- http://support.apple.com/kb/HT5503
- http://rhn.redhat.com/errata/RHSA-2013-0217.html
- http://www.redhat.com/support/errata/RHSA-2011-1749.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840
- http://code.google.com/p/chromium/issues/detail?id=89402
- http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://support.apple.com/kb/HT5281
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://www.debian.org/security/2012/dsa-2394