CVE-2014-0191 - Unspecified vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1366-1.NASL
    description: This update for libxml2 fixes the following issues :
      - Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873]
      - CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497)
      - CVE-2014-0191: External parameter entity loaded when entity substitution is disabled could cause a DoS. (bsc#876652)
      - CVE-2016-9318: XML External Entity (XXE) could be abused via crafted document. (bsc#1010675)
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100352
    published: 2017-05-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100352
    title: SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1366-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100352);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2014-0191", "CVE-2016-9318", "CVE-2016-9597");
      script_bugtraq_id(67233);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1366-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following issues :
    
      - Fix NULL dereference in xpointer.c when in recovery mode
        [bsc#1014873]
    
      - CVE-2016-9597: An XML document with many opening tags
        could have caused a overflow of the stack not detected
        by the recursion limits, allowing for DoS (bsc#1017497)
    
      - CVE-2014-0191: External parameter entity loaded when
        entity substitution is disabled could cause a DoS.
        (bsc#876652)
    
      - CVE-2016-9318: XML External Entity (XXE) could be abused
        via crafted document. (bsc#1010675)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1017497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=876652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0191/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9318/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9597/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171366-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?928a1587"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-833=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-833=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-833=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-tools-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-tools-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python-libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libxml2-2-debuginfo-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-debugsource-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-tools-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libxml2-tools-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-debuginfo-2.9.1-26.12.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python-libxml2-debugsource-2.9.1-26.12.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-959.NASL
    description:
      - update to 2.9.3
      - full changelog: http://www.xmlsoft.org/news.html
      - fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-8035, CVE-2015-7942, CVE-2015-1819, CVE-2015-7941, CVE-2014-3660, CVE-2014-0191, CVE-2015-8241, CVE-2015-8317
      - fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735], [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260], [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109], [bsc#957110]
    last seen: 2020-06-05
    modified: 2015-12-29
    plugin id: 87631
    published: 2015-12-29
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/87631
    title: openSUSE Security Update : libxml2 (openSUSE-2015-959)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-959.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87631);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0191", "CVE-2014-3660", "CVE-2015-1819", "CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035", "CVE-2015-8241", "CVE-2015-8242", "CVE-2015-8317");
    
      script_name(english:"openSUSE Security Update : libxml2 (openSUSE-2015-959)");
      script_summary(english:"Check for the openSUSE-2015-959 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - update to 2.9.3
    
      - full changelog: http://www.xmlsoft.org/news.html
    
      - fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499,
        CVE-2015-5312, CVE-2015-7497, CVE-2015-7498,
        CVE-2015-8035, CVE-2015-7942, CVE-2015-1819,
        CVE-2015-7941, CVE-2014-3660, CVE-2014-0191,
        CVE-2015-8241, CVE-2015-8317
    
      - fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735],
        [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260],
        [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109],
        [bsc#957110]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.xmlsoft.org/news.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=928193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957110"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-2-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-2-debuginfo-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-debugsource-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-devel-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-tools-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-tools-debuginfo-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-debuginfo-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-debugsource-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.3-2.19.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-2-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-2-debuginfo-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-debugsource-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-devel-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-tools-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libxml2-tools-debuginfo-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-debuginfo-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"python-libxml2-debugsource-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.3-7.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.3-7.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-363.NASL
    description:
      - fix for CVE-2014-0191 (bnc#876652)
      - libxml2: external parameter entity loaded when entity substitution is disabled
      - added libxml2-CVE-2014-0191.patch
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75358
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75358
    title: openSUSE Security Update : libxml2 (openSUSE-SU-2014:0645-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-363.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75358);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0191");
      script_bugtraq_id(67233);
    
      script_name(english:"openSUSE Security Update : libxml2 (openSUSE-SU-2014:0645-1)");
      script_summary(english:"Check for the openSUSE-2014-363 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - fix for CVE-2014-0191 (bnc#876652)
    
      - libxml2: external parameter entity loaded when entity
        substitution is disabled
    
      - added libxml2-CVE-2014-0191.patch"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00043.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-2-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-2-debuginfo-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-debugsource-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-devel-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-tools-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libxml2-tools-debuginfo-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python-libxml2-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python-libxml2-debuginfo-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python-libxml2-debugsource-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.0-2.21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-2-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-2-debuginfo-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-debugsource-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-devel-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-tools-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libxml2-tools-debuginfo-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-debuginfo-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-libxml2-debugsource-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.1-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.1-2.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc");
    }
    
  • NASL family: Misc.
    NASL id: APPLETV_7_2_1.NASL
    description: According to its banner, the remote Apple TV device is a version prior to 7.2.1. It is, therefore, affected by multiple vulnerabilities in the following components : bootp, CFPreferences, CloudKit, Code Signing, CoreMedia Playback, CoreText, DiskImages, FontParser, ImageIO, IOHIDFamily, IOKit, Kernel, Libc, Libinfo, libpthread, libxml2, libxpc, libxslt, Location Framework, Office Viewer, QL Office, Sandbox_profiles, WebKit
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 90315
    published: 2016-04-04
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/90315
    title: Apple TV < 7.2.1 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90315);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/19");
    
      script_cve_id(
        "CVE-2012-6685",
        "CVE-2014-0191",
        "CVE-2014-3660",
        "CVE-2015-3730",
        "CVE-2015-3731",
        "CVE-2015-3732",
        "CVE-2015-3733",
        "CVE-2015-3734",
        "CVE-2015-3735",
        "CVE-2015-3736",
        "CVE-2015-3737",
        "CVE-2015-3738",
        "CVE-2015-3739",
        "CVE-2015-3740",
        "CVE-2015-3741",
        "CVE-2015-3742",
        "CVE-2015-3743",
        "CVE-2015-3744",
        "CVE-2015-3745",
        "CVE-2015-3746",
        "CVE-2015-3747",
        "CVE-2015-3748",
        "CVE-2015-3749",
        "CVE-2015-3750",
        "CVE-2015-3751",
        "CVE-2015-3752",
        "CVE-2015-3753",
        "CVE-2015-3759",
        "CVE-2015-3766",
        "CVE-2015-3768",
        "CVE-2015-3776",
        "CVE-2015-3778",
        "CVE-2015-3782",
        "CVE-2015-3784",
        "CVE-2015-3793",
        "CVE-2015-3795",
        "CVE-2015-3796",
        "CVE-2015-3797",
        "CVE-2015-3798",
        "CVE-2015-3800",
        "CVE-2015-3802",
        "CVE-2015-3803",
        "CVE-2015-3804",
        "CVE-2015-3805",
        "CVE-2015-3806",
        "CVE-2015-3807",
        "CVE-2015-5749",
        "CVE-2015-5755",
        "CVE-2015-5756",
        "CVE-2015-5757",
        "CVE-2015-5758",
        "CVE-2015-5761",
        "CVE-2015-5773",
        "CVE-2015-5774",
        "CVE-2015-5775",
        "CVE-2015-5776",
        "CVE-2015-5777",
        "CVE-2015-5778",
        "CVE-2015-5781",
        "CVE-2015-5782",
        "CVE-2015-7995"
      );
      script_bugtraq_id(
        67233,
        70644,
        76337,
        76338,
        76341,
        76343,
        77325
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-02-25-1");
    
      script_name(english:"Apple TV < 7.2.1 Multiple Vulnerabilities");
      script_summary(english:"Checks the version in the banner.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the remote Apple TV device is a version prior
    to 7.2.1. It is, therefore, affected by multiple vulnerabilities in
    the following components :
    
      - bootp
      - CFPreferences
      - CloudKit
      - Code Signing
      - CoreMedia Playback
      - CoreText
      - DiskImages
      - FontParser
      - ImageIO
      - IOHIDFamily
      - IOKit
      - Kernel
      - Libc
      - Libinfo
      - libpthread
      - libxml2
      - libxpc
      - libxslt
      - Location Framework
      - Office Viewer
      - QL Office
      - Sandbox_profiles
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT205795");
      # https://lists.apple.com/archives/security-announce/2016/Feb/msg00000.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d959a1e0");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple TV version 7.2.1 or later. Note that this update is
    only available for 3rd generation models.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5757");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("appletv_version.nasl");
      script_require_keys("AppleTV/Version", "AppleTV/URL", "AppleTV/Port");
      script_require_ports("Services/www", 7000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("appletv_func.inc");
    
    url = get_kb_item('AppleTV/URL');
    if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');
    port = get_kb_item('AppleTV/Port');
    if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');
    
    build = get_kb_item('AppleTV/Version');
    if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');
    
    model = get_kb_item('AppleTV/Model');
    if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');
    
    fixed_build = "12H523";
    tvos_ver = '7.2.1';
    gen = APPLETV_MODEL_GEN[model];
    
    appletv_check_version(
      build          : build,
      fix            : fixed_build,
      affected_gen   : 3,
      model          : model,
      gen            : gen,
      fix_tvos_ver   : tvos_ver,
      port           : port,
      url            : url,
      severity       : SECURITY_HOLE
    );
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-16.NASL
    description: Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82143
    published: 2015-03-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82143
    title: Debian DLA-16-1 : libxml2 security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-16-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82143);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0191");
      script_bugtraq_id(67233);
    
      script_name(english:"Debian DLA-16-1 : libxml2 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Daniel P. Berrange discovered a denial of service vulnerability in
    libxml2 entity substitution.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2014/07/msg00005.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/libxml2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxml2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-libxml2-dbg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libxml2", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-dbg", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-dev", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-doc", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"libxml2-utils", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"python-libxml2", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    if (deb_check(release:"6.0", prefix:"python-libxml2-dbg", reference:"2.7.8.dfsg-2+squeeze9")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-111.NASL
    description: Updated libxml2 packages fix security vulnerabilities : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191). A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior (CVE-2014-3660).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82364
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82364
    title: Mandriva Linux Security Advisory : libxml2 (MDVSA-2015:111)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:111. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82364);
      script_version("1.3");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2014-0191", "CVE-2014-3660");
      script_xref(name:"MDVSA", value:"2015:111");
    
      script_name(english:"Mandriva Linux Security Advisory : libxml2 (MDVSA-2015:111)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libxml2 packages fix security vulnerabilities :
    
    It was discovered that libxml2, a library providing support to read,
    modify and write XML files, incorrectly performs entity substitution in
    the doctype prolog, even if the application using libxml2 disabled any
    entity substitution. A remote attacker could provide a specially
    crafted XML file that, when processed, would lead to the exhaustion of
    CPU and memory resources or file descriptors (CVE-2014-0191).
    
    A denial of service flaw was found in libxml2, a library providing
    support to read, modify and write XML and HTML files. A remote
    attacker could provide a specially crafted XML file that, when
    processed by an application using libxml2, would lead to excessive CPU
    consumption (denial of service) based on excessive entity
    substitutions, even if entity substitution was disabled, which is the
    parser default behavior (CVE-2014-3660)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0214.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0418.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xml2_2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxml2-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64xml2-devel-2.9.1-3.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64xml2_2-2.9.1-3.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libxml2-python-2.9.1-3.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libxml2-utils-2.9.1-3.1.mbs2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Web Servers
    NASL id: ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL
    description: The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities : - (CVE-2003-1418) - A denial of service vulnerability exists in libxml2, related to the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities without regard to entity substitution or validation being enabled, as in the case of entity substitution in the doctype prolog. An unauthenticated, remote attacker can exploit this, via specially crafted XML content, to exhaust the system CPU, memory, or file descriptor resources. (CVE-2014-0191) - An unspecified vulnerability exists in the Web Listener component that allows an unauthenticated, remote attacker to impact availability. (CVE-2015-1829) - (CVE-2015-2808) - An unspecified vulnerability exists in the OSSL Module that allows an unauthenticated, remote attacker to impact confidentiality. (CVE-2015-4812) - An unspecified vulnerability exists in the Web Listener component that allows an authenticated, remote attacker to impact confidentiality. (CVE-2015-4914) - (CVE-2016-2183)
    last seen: 2020-03-18
    modified: 2015-10-23
    plugin id: 86569
    published: 2015-10-23
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86569
    title: Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(86569);
      script_version("1.19");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id(
        "CVE-2003-1418",
        "CVE-2014-0191",
        "CVE-2015-1829",
        "CVE-2015-2808",
        "CVE-2015-4812",
        "CVE-2015-4914",
        "CVE-2016-2183"
      );
      script_bugtraq_id(
        67233,
        73684,
        75164,
        77195,
        77201,
        92630
      );
    
      script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle HTTP Server installed on the remote host is
    affected by multiple vulnerabilities :
    
      - (CVE-2003-1418)
    
      - A denial of service vulnerability exists in libxml2,
        related to the xmlParserHandlePEReference() function in
        file parser.c, due to loading external parameter
        entities without regard to entity substitution or
        validation being enabled, as in the case of entity
        substitution in the doctype prolog. An unauthenticated,
        remote attacker can exploit this, via specially crafted
        XML content, to exhaust the system CPU, memory, or file
        descriptor resources. (CVE-2014-0191)
    
      - An unspecified vulnerability exists in the Web Listener
        component that allows an unauthenticated, remote
        attacker to impact availability. (CVE-2015-1829)
    
      -  (CVE-2015-2808)
    
      - An unspecified vulnerability exists in the OSSL Module
        that allows an unauthenticated, remote attacker to
        impact confidentiality. (CVE-2015-4812)
    
      - An unspecified vulnerability exists in the Web Listener
        component that allows an authenticated, remote attacker
        to impact confidentiality. (CVE-2015-4914)
    
      - (CVE-2016-2183)");
      # http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a4a4fb");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2015 Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(200);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_http_server_installed.nbin");
      script_require_keys("Oracle/OHS/Installed");
    
      exit(0);
    }
    
    include('oracle_http_server_patch_func.inc');
    
    get_kb_item_or_exit('Oracle/OHS/Installed');
    install_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');
    
    install = branch(install_list, key:TRUE, value:TRUE);
    
    patches = make_array();
    patches['10.1.3.5'] = make_array('fix_ver', '10.1.3.5.151020', 'patch', '21845960');
    patches['11.1.1.7'] = make_array('fix_ver', '11.1.1.7.151020', 'patch', '21640624');
    patches['11.1.1.9'] = make_array('fix_ver', '11.1.1.9.151020', 'patch', '21663064');
    patches['12.1.2.0'] = make_array('fix_ver', '12.1.2.0.151120', 'patch', '21768251');
    patches['12.1.3.0'] = make_array('fix_ver', '12.1.3.0.160130', 'patch', '21640673');
    
    oracle_http_server_check_vuln(
      install : install,
      min_patches : patches,
      severity : SECURITY_WARNING
    );
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-0513.NASL
    description: From Red Hat Security Advisory 2014:0513 : Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74100
    published: 2014-05-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74100
    title: Oracle Linux 6 : libxml2 (ELSA-2014-0513)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_EFDD0EDCDA3D11E39ECB2C4138874F7D.NASL
    description: Stefan Cornelius reports : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. This issue was discovered by Daniel Berrange of Red Hat.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73975
    published: 2014-05-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73975
    title: FreeBSD : libxml2 -- entity substitution DoS (efdd0edc-da3d-11e3-9ecb-2c4138874f7d)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U861276.NASL
    description: The remote host is missing AIX PTF U861276, which is related to the security of the package bos.rte.control. Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79062
    published: 2014-11-10
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79062
    title: AIX 6.1 TL 9 : bos.rte.control (U861276)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-409.NASL
    description: Removed fix for CVE-2014-0191. This fix breaks existing applications and there
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75381
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75381
    title: openSUSE Security Update : libxml2 / python-libxml2 (openSUSE-SU-2014:0753-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-17609.NASL
    description: Update to libxml2 2.9.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-01-02
    plugin id: 80327
    published: 2015-01-02
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80327
    title: Fedora 21 : mingw-libxml2-2.9.2-1.fc21 (2014-17609)
  • NASL family: Web Servers
    NASL id: ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL
    description: The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remote attacker can exploit this, via a crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-1944) - An integer overflow condition exists in the HTTP server, specifically in the ap_pregsub() function within file server/util.c, when the mod_setenvif module is enabled. A local attacker can exploit this to gain elevated privileges by using an .htaccess file with a crafted combination of SetEnvIf directives and HTTP request headers. (CVE-2011-3607) - A flaw exists in libxml2, known as the
    last seen: 2020-03-18
    modified: 2015-01-27
    plugin id: 81002
    published: 2015-01-27
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81002
    title: Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-0513.NASL
    description: Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74094
    published: 2014-05-20
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74094
    title: CentOS 6 : libxml2 (CESA-2014:0513)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV62447.NASL
    description: Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77257
    published: 2014-08-20
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77257
    title: AIX 6.1 TL 8 : libxml2 (IV62447)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20140519_LIBXML2_ON_SL6_X.NASL
    description: It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen: 2020-03-18
    modified: 2014-05-20
    plugin id: 74103
    published: 2014-05-20
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74103
    title: Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20140519)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV62448.NASL
    description: Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference().
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77258
    published: 2014-08-20
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77258
    title: AIX 6.1 TL 9 : libxml2 (IV62448)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201409-08.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201409-08 (libxml2: Denial of Service) A vulnerability in the xmlParserHandlePEReference() function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact : A remote attacker may be able to cause Denial of Service via a specially crafted XML file containing malicious attributes. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77776
    published: 2014-09-22
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77776
    title: GLSA-201409-08 : libxml2: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-394.NASL
    descriptionUpdated fix for openSUSE-SU-2014:0645-1 because of a regression that caused xmllint to break.
    last seen2020-06-05
    modified2014-06-13
    plugin id75373
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75373
    titleopenSUSE Security Update : libxml2 / python-libxml2 (openSUSE-SU-2014:0716-1)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62449.NASL
    descriptionLibxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function.
    last seen2020-06-01
    modified2020-06-02
    plugin id77259
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77259
    titleAIX 7.1 TL 2 : libxml2 (IV62449)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-086.NASL
    descriptionUpdated libxml2 packages fix security vulnerability : It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors (CVE-2014-0191).
    last seen2020-06-01
    modified2020-06-02
    plugin id73978
    published2014-05-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73978
    titleMandriva Linux Security Advisory : libxml2 (MDVSA-2014:086)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-341.NASL
    descriptionIt was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
    last seen2020-06-01
    modified2020-06-02
    plugin id78284
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78284
    titleAmazon Linux AMI : libxml2 (ALAS-2014-341)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_10_5.NASL
    descriptionThe remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85408
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85408
    titleMac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen2020-06-01
    modified2020-06-02
    plugin id79862
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79862
    titleESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL familyAIX Local Security Checks
    NASL idAIX_U862099.NASL
    descriptionThe remote host is missing AIX PTF U862099, which is related to the security of the package bos.rte.control. Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function.
    last seen2020-06-01
    modified2020-06-02
    plugin id79063
    published2014-11-10
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79063
    titleAIX 7.1 TL 3 : bos.rte.control (U862099)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2015-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - CoreText - FontParser - Libinfo - libxml2 - OpenSSL - perl - PostgreSQL - QL Office - Quartz Composer Framework - QuickTime 7 - SceneKit Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id85409
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85409
    titleMac OS X Multiple Vulnerabilities (Security Update 2015-006)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0749.NASL
    descriptionFrom Red Hat Security Advisory 2015:0749 : Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82464
    published2015-03-31
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82464
    titleOracle Linux 7 : libxml2 (ELSA-2015-0749)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150330_LIBXML2_ON_SL7_X.NASL
    descriptionIt was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-03-18
    modified2015-03-31
    plugin id82468
    published2015-03-31
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82468
    titleScientific Linux Security Update : libxml2 on SL7.x x86_64 (20150330)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-4658.NASL
    descriptionfixes built in also added a couple of other entities related patches including a fix to CVE-2014-3660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-08
    plugin id82627
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82627
    titleFedora 21 : libxml2-2.9.1-7.fc21 (2015-4658)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-151.NASL
    descriptionIt was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it
    last seen2020-03-17
    modified2015-03-26
    plugin id82134
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82134
    titleDebian DLA-151-1 : libxml2 security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0749.NASL
    descriptionUpdated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82476
    published2015-04-01
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82476
    titleCentOS 7 : libxml2 (CESA-2015:0749)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2978.NASL
    descriptionDaniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution.
    last seen2020-03-17
    modified2014-07-15
    plugin id76499
    published2014-07-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76499
    titleDebian DSA-2978-1 : libxml2 - security update
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_LIBXML2_20140819.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id80692
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80692
    titleOracle Solaris Third-Party Patch Update : libxml2 (cve_2014_0191_denial_of)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2214-1.NASL
    descriptionDaniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74035
    published2014-05-16
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74035
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxml2 vulnerability (USN-2214-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0513.NASL
    descriptionUpdated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash. (CVE-2013-2877) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id74102
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74102
    titleRHEL 6 : libxml2 (RHSA-2014:0513)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-80.NASL
    descriptionSogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. (CVE-2014-3660) In addition, this update addresses a misapplied chunk for a patch released in the previous version (#762864). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82225
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82225
    titleDebian DLA-80-1 : libxml2 security update
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0031.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149085) - Fix a set of regressions introduced in CVE-2014-0191 (rhbz#1105011) - Improve handling of xmlStopParser(CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191) - Fix a regression in 2.9.0 breaking validation while streaming (rhbz#863166) - detect and stop excessive entities expansion upon replacement (rhbz#912575)
    last seen2020-06-01
    modified2020-06-02
    plugin id79546
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79546
    titleOracleVM 3.3 : libxml2 (OVMSA-2014-0031)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-17573.NASL
    descriptionUpdate to libxml2 2.9.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-01-02
    plugin id80318
    published2015-01-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80318
    titleFedora 20 : mingw-libxml2-2.9.2-1.fc20 (2014-17573)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62450.NASL
    descriptionLibxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function.
    last seen2020-06-01
    modified2020-06-02
    plugin id77260
    published2014-08-20
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77260
    titleAIX 7.1 TL 3 : libxml2 (IV62450)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2014-0012_REMOTE.NASL
    descriptionThe remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function _read_status() in library httplib and in function readline() in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these vulnerabilities to crash the module. (CVE-2013-1752) - An out-of-bounds read error exists in file parser.c in library libxml2 due to a failure to properly check the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a crafted document that abruptly ends, to cause a denial of service. (CVE-2013-2877) - A spoofing vulnerability exists in the Python SSL module in the ssl.match_hostname() function due to improper handling of the NULL character (
    last seen2020-06-01
    modified2020-06-02
    plugin id87681
    published2015-12-30
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87681
    titleVMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0749.NASL
    descriptionUpdated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. (CVE-2014-0191) The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id82427
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82427
    titleRHEL 7 : libxml2 (RHSA-2015:0749)
  • NASL familyMisc.
    NASL idVMWARE_VCENTER_VMSA-2014-0012.NASL
    descriptionThe VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - Due to improper certificate validation when connecting to a CIM server on an ESXi host, an attacker can perform man-in-the-middle attacks. (CVE-2014-8371) - The bundled version of Oracle JRE is prior to 1.6.0_81 and thus is affected by multiple vulnerabilities. Note that this only affects version 5.1 and 5.0 of vCenter but is only fixed in 5.1 Update 3.
    last seen2020-06-01
    modified2020-06-02
    plugin id79865
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79865
    titleVMware Security Updates for vCenter Server (VMSA-2014-0012)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-4719.NASL
    descriptionfixes built in also added a couple of other entities related patches including a fix to CVE-2014-3660 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-04-13
    plugin id82728
    published2015-04-13
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82728
    titleFedora 20 : libxml2-2.9.1-4.fc20 (2015-4719)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2014-0012.NASL
    descriptiona. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. b. vCenter Server certificate validation issue vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service. VMware would like to thank The Google Security Team for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue. c. Update to ESXi libxml2 package libxml2 is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues. d. Update to ESXi Curl package Curl is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues. e. Update to ESXi Python package Python is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues. f. vCenter and Update Manager, Oracle JRE 1.6 Update 81 Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014. The References section provides a link to this advisory.
    last seen2020-06-01
    modified2020-06-02
    plugin id79762
    published2014-12-06
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79762
    titleVMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities

Redhat

advisories
  • bugzilla
    id1090976
    titleCVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibxml2-python is earlier than 0:2.7.6-14.el6_5.1
            ovaloval:com.redhat.rhsa:tst:20140513001
          • commentlibxml2-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749008
        • AND
          • commentlibxml2-devel is earlier than 0:2.7.6-14.el6_5.1
            ovaloval:com.redhat.rhsa:tst:20140513003
          • commentlibxml2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749004
        • AND
          • commentlibxml2 is earlier than 0:2.7.6-14.el6_5.1
            ovaloval:com.redhat.rhsa:tst:20140513005
          • commentlibxml2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749006
        • AND
          • commentlibxml2-static is earlier than 0:2.7.6-14.el6_5.1
            ovaloval:com.redhat.rhsa:tst:20140513007
          • commentlibxml2-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749002
    rhsa
    idRHSA-2014:0513
    released2014-05-19
    severityModerate
    titleRHSA-2014:0513: libxml2 security update (Moderate)
  • bugzilla
    id1090976
    titleCVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibxml2-static is earlier than 0:2.9.1-5.el7_1.2
            ovaloval:com.redhat.rhsa:tst:20150749001
          • commentlibxml2-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749002
        • AND
          • commentlibxml2-devel is earlier than 0:2.9.1-5.el7_1.2
            ovaloval:com.redhat.rhsa:tst:20150749003
          • commentlibxml2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749004
        • AND
          • commentlibxml2 is earlier than 0:2.9.1-5.el7_1.2
            ovaloval:com.redhat.rhsa:tst:20150749005
          • commentlibxml2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749006
        • AND
          • commentlibxml2-python is earlier than 0:2.9.1-5.el7_1.2
            ovaloval:com.redhat.rhsa:tst:20150749007
          • commentlibxml2-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111749008
    rhsa
    idRHSA-2015:0749
    released2015-03-30
    severityModerate
    titleRHSA-2015:0749: libxml2 security update (Moderate)
rpms
  • libxml2-0:2.7.6-14.el6_5.1
  • libxml2-debuginfo-0:2.7.6-14.el6_5.1
  • libxml2-devel-0:2.7.6-14.el6_5.1
  • libxml2-python-0:2.7.6-14.el6_5.1
  • libxml2-static-0:2.7.6-14.el6_5.1
  • libxml2-0:2.9.1-5.ael7b_1.2
  • libxml2-0:2.9.1-5.el7_1.2
  • libxml2-debuginfo-0:2.9.1-5.ael7b_1.2
  • libxml2-debuginfo-0:2.9.1-5.el7_1.2
  • libxml2-devel-0:2.9.1-5.ael7b_1.2
  • libxml2-devel-0:2.9.1-5.el7_1.2
  • libxml2-python-0:2.9.1-5.ael7b_1.2
  • libxml2-python-0:2.9.1-5.el7_1.2
  • libxml2-static-0:2.9.1-5.ael7b_1.2
  • libxml2-static-0:2.9.1-5.el7_1.2

References