Vulnerabilities > CVE-2018-9251 - Infinite Loop vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
high complexity
xmlsoft
debian
CWE-835
nessus

Summary

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
1
OS
Debian
1

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2211.NASL
    descriptionAccording to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the
    last seen2020-05-08
    modified2019-11-08
    plugin id130673
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130673
    titleEulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130673);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2015-8806",
        "CVE-2017-5969",
        "CVE-2017-8872",
        "CVE-2017-9048",
        "CVE-2017-9049",
        "CVE-2017-9050",
        "CVE-2018-14567",
        "CVE-2018-9251"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libxml2 packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - dict.c in libxml2 allows remote attackers to cause a
        denial of service (heap-based buffer over-read and
        application crash) via an unexpected character
        immediately after the '<!DOCTYPE html' substring in a
        crafted HTML document.(CVE-2015-8806)
    
      - libxml2 2.9.4, when used in recover mode, allows remote
        attackers to cause a denial of service (NULL pointer
        dereference) via a crafted XML document. NOTE: The
        maintainer states 'I would disagree of a CVE with the
        Recover parsing option which should only be used for
        manual recovery at least for XML
        parser.'(CVE-2017-5969)
    
      - The htmlParseTryOrFinish function in HTMLparser.c in
        libxml2 2.9.4 allows attackers to cause a denial of
        service (buffer over-read) or information
        disclosure.(CVE-2017-8872)
    
      - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a
        stack-based buffer overflow. The function
        xmlSnprintfElementContent in valid.c is supposed to
        recursively dump the element content definition into a
        char buffer 'buf' of size 'size'. At the end of the
        routine, the function may strcat two more characters
        without checking whether the current strlen(buf) + 2 <
        size. This vulnerability causes programs that use
        libxml2, such as PHP, to crash.(CVE-2017-9048)
    
      - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a
        heap-based buffer over-read in the
        xmlDictComputeFastKey function in dict.c. This
        vulnerability causes programs that use libxml2, such as
        PHP, to crash. This vulnerability exists because of an
        incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)
    
      - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a
        heap-based buffer over-read in the xmlDictAddString
        function in dict.c. This vulnerability causes programs
        that use libxml2, such as PHP, to crash. This
        vulnerability exists because of an incomplete fix for
        CVE-2016-1839.(CVE-2017-9050)
    
      - The xz_decomp function in xzlib.c in libxml2 2.9.8, if
        --with-lzma is used, allows remote attackers to cause a
        denial of service (infinite loop) via a crafted XML
        file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated
        by xmllint, a different vulnerability than
        CVE-2015-8035.(CVE-2018-9251)
    
      - libxml2 2.9.8, if --with-lzma is used, allows remote
        attackers to cause a denial of service (infinite loop)
        via a crafted XML file that triggers
        LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a
        different vulnerability than CVE-2015-8035 and
        CVE-2018-9251.(CVE-2018-14567)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2211
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?20307672");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libxml2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libxml2-2.9.1-6.3.h20.eulerosv2r7",
            "libxml2-devel-2.9.1-6.3.h20.eulerosv2r7",
            "libxml2-python-2.9.1-6.3.h20.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-E198CF4A64.NASL
    descriptionFix few CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-08-10
    plugin id111621
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111621
    titleFedora 27 : libxml2 (2018-e198cf4a64)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-e198cf4a64.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111621);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14404", "CVE-2018-9251");
      script_xref(name:"FEDORA", value:"2018-e198cf4a64");
    
      script_name(english:"Fedora 27 : libxml2 (2018-e198cf4a64)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix few CVEs
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e198cf4a64"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libxml2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"libxml2-2.9.8-4.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3081-1.NASL
    descriptionThis update for libxml2 fixes the following security issues : CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118032
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118032
    titleSUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:3081-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3081-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118032);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:3081-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following security issues :
    
    CVE-2018-9251: The xz_decomp function allowed remote attackers to
    cause a denial of service (infinite loop) via a crafted XML file that
    triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
    (bsc#1088279).
    
    CVE-2018-14567: Prevent denial of service (infinite loop) via a
    crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by
    xmllint (bsc#1105166).
    
    CVE-2018-14404: Prevent NULL pointer dereference in the
    xmlXPathCompOpEval() function when parsing an invalid XPath expression
    in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service
    attack (bsc#1102046).
    
    CVE-2017-18258: The xz_head function allowed remote attackers to cause
    a denial of service (memory consumption) via a crafted LZMA file,
    because the decoder functionality did not restrict memory usage to
    what is required for a legitimate file (bsc#1088601).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18258/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14404/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14567/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-9251/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183081-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?01eed67d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2181=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2181=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-2181=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2181=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-2-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-2-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-debugsource-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-tools-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-tools-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-libxml2-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-libxml2-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-libxml2-debugsource-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-2-32bit-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libxml2-2-debuginfo-32bit-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-2-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-2-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-2-debuginfo-32bit-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-debugsource-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-tools-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libxml2-tools-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-libxml2-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-libxml2-debuginfo-2.9.4-46.15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-libxml2-debugsource-2.9.4-46.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1150.NASL
    descriptionThis update for libxml2 fixes the following security issues : - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-10-15
    plugin id118116
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118116
    titleopenSUSE Security Update : libxml2 (openSUSE-2018-1150)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1150.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118116);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251");
    
      script_name(english:"openSUSE Security Update : libxml2 (openSUSE-2018-1150)");
      script_summary(english:"Check for the openSUSE-2018-1150 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following security issues :
    
      - CVE-2018-9251: The xz_decomp function allowed remote
        attackers to cause a denial of service (infinite loop)
        via a crafted XML file that triggers
        LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
        (bsc#1088279)
    
      - CVE-2018-14567: Prevent denial of service (infinite
        loop) via a crafted XML file that triggers
        LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
        (bsc#1105166)
    
      - CVE-2018-14404: Prevent NULL pointer dereference in the
        xmlXPathCompOpEval() function when parsing an invalid
        XPath expression in the XPATH_OP_AND or XPATH_OP_OR case
        leading to a denial of service attack (bsc#1102046)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105166"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-2-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-2-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-debugsource-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-devel-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-tools-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-tools-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python-libxml2-python-debugsource-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python2-libxml2-python-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python2-libxml2-python-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-libxml2-python-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-libxml2-python-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-2-32bit-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.7-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2-2 / libxml2-2-debuginfo / libxml2-debugsource / etc");
    }
    
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_JSA10916.NASL
    descriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a Multiple vulnerabilities in libxml2: - Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.(CVE-2016-4448) - The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. (CVE-2016-3627)
    last seen2020-06-01
    modified2020-06-02
    plugin id121070
    published2019-01-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121070
    titleJunos OS: Multiple vulnerabilities in libxml2 (JSA10916)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121070);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/18 12:05:36");
    
      script_cve_id(
          "CVE-2016-3627", 
          "CVE-2016-3705",
          "CVE-2016-4447", 
          "CVE-2016-4448",
          "CVE-2016-4449", 
          "CVE-2017-7375",
          "CVE-2017-18258", 
          "CVE-2018-9251"
        );
      script_xref(name:"JSA", value:"JSA10916");
    
      script_name(english:"Junos OS: Multiple vulnerabilities in libxml2 (JSA10916)");
      script_summary(english:"Checks the Junos version and build date.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the remote Juniper
    Junos device is affected by a Multiple vulnerabilities in libxml2:
    
    - Format string vulnerability in libxml2 before 2.9.4 allows 
      attackers to have unspecified impact via format string 
      specifiers in unknown vectors.(CVE-2016-4448)
      
    - The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and 
      earlier, when used in recovery mode, allows context-dependent 
      attackers to cause a denial of service (infinite recursion, stack 
      consumption, and application crash) via a crafted XML document. 
      (CVE-2016-3627)");
      script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916");
      script_set_attribute(attribute:"solution", value:
    "Apply the relevant Junos software release referenced in Juniper
    advisory JSA10916.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4448");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/11");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Junos Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("junos_version.nasl");
      script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
    
      exit(0);
    }
    
    include("audit.inc");
    include("junos.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
    model = get_kb_item_or_exit('Host/Juniper/model');
    
    fixes = make_array();
    
    fixes['12.3R'] = '12.3R12-S10';
    
    if (model =~ '^SRX')
    {
        fixes['12.1X46'] = '12.1X46-D81';
        fixes['12.3X48'] = '12.3X48-D75';
        fixes['15.1X49'] = '15.1X49-D150';
    }
    if (model =~ '^NFX')
    {
        fixes['15.1X53'] = '15.1X53-D495';
    }
    if (model =~ '^QFX5')
    {
        fixes['15.1X53'] = '15.1X53-D234';
    }
    if (model =~ '^QFX10000')
    {
        fixes['15.1X53'] = '15.1X53-D68';
    }
    if (model =~ '^EX')
    {
        fixes['15.1X53'] = '15.1X53-D590';
    }
    if (model =~ '^EX' || model =~ '^QFX')
    {
        fixes['14.1X53'] = '15.1X53-D590';
    }
    fixes['15.1'] = '15.1R4-S9';
    fixes['15.1F'] = '15.1F6-S11';
    fixes['16.1'] = '16.1R4-S11';
    fixes['16.2'] = '16.2R2-S7';
    fixes['17.1'] = '17.1R2-S9';
    fixes['17.2'] = '17.2R1-S7';
    fixes['17.3'] = '17.3R2-S4';
    fixes['17.4'] = '17.4R2';
    fixes['18.1'] = '18.1R2-S2';
    fixes['18.2'] = '18.2R1-S1';
    fixes['18.2X75'] = '18.2X75-D20';
    
    fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
    
    if (report_verbosity > 0)
    {
      report = get_report(ver:ver, fix:fix);
      security_hole(port:0, extra:report);
    }
    else security_hole(0);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3080-1.NASL
    descriptionThis update for libxml2 fixes the following security issues : CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120125
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120125
    titleSUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2018:3080-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3080-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120125);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2018:3080-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following security issues :
    
    CVE-2018-9251: The xz_decomp function allowed remote attackers to
    cause a denial of service (infinite loop) via a crafted XML file that
    triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279)
    
    CVE-2018-14567: Prevent denial of service (infinite loop) via a
    crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by
    xmllint (bsc#1105166)
    
    CVE-2018-14404: Prevent NULL pointer dereference in the
    xmlXPathCompOpEval() function when parsing an invalid XPath expression
    in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service
    attack (bsc#1102046)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14404/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14567/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-9251/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183080-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d57ed144"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2182=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-libxml2-python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python2-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python2-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libxml2-2-32bit-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-2-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-2-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-debugsource-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-devel-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-tools-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libxml2-tools-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"python-libxml2-python-debugsource-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"python2-libxml2-python-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"python2-libxml2-python-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"python3-libxml2-python-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"python3-libxml2-python-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libxml2-2-32bit-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-2-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-2-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-debugsource-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-devel-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-tools-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libxml2-tools-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"python-libxml2-python-debugsource-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"python2-libxml2-python-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"python2-libxml2-python-debuginfo-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"python3-libxml2-python-2.9.7-3.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"python3-libxml2-python-debuginfo-2.9.7-3.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-785.NASL
    descriptionThis update for libxml2 fixes the following security issues : - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123336
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123336
    titleopenSUSE Security Update : libxml2 (openSUSE-2019-785)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-785.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123336);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251");
    
      script_name(english:"openSUSE Security Update : libxml2 (openSUSE-2019-785)");
      script_summary(english:"Check for the openSUSE-2019-785 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxml2 fixes the following security issues :
    
      - CVE-2018-9251: The xz_decomp function allowed remote
        attackers to cause a denial of service (infinite loop)
        via a crafted XML file that triggers
        LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
        (bsc#1088279)
    
      - CVE-2018-14567: Prevent denial of service (infinite
        loop) via a crafted XML file that triggers
        LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint
        (bsc#1105166)
    
      - CVE-2018-14404: Prevent NULL pointer dereference in the
        xmlXPathCompOpEval() function when parsing an invalid
        XPath expression in the XPATH_OP_AND or XPATH_OP_OR case
        leading to a denial of service attack (bsc#1102046)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105166"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxml2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libxml2-python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-libxml2-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-libxml2-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-2-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-2-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-debugsource-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-devel-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-tools-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxml2-tools-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python-libxml2-python-debugsource-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python2-libxml2-python-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python2-libxml2-python-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-libxml2-python-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"python3-libxml2-python-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-2-32bit-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-2-32bit-debuginfo-2.9.7-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxml2-devel-32bit-2.9.7-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2-2 / libxml2-2-32bit / libxml2-2-32bit-debuginfo / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1524.NASL
    descriptionCVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling which prevents an infinite loop. CVE-2017-18258 Limit available memory to 100MB to avoid exhaustive memory consumption by malicious files. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id117811
    published2018-09-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117811
    titleDebian DLA-1524-1 : libxml2 security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1149.NASL
    descriptionThis update for libxml2 fixes the following security issues : - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2018-10-15
    plugin id118115
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118115
    titleopenSUSE Security Update : libxml2 (openSUSE-2018-1149)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0024_LIBXML2.NASL
    descriptionAn update of the libxml2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128154
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128154
    titlePhoton OS 3.0: Libxml2 PHSA-2019-3.0-0024
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1268.NASL
    descriptionAccording to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.(CVE-2017-9050) - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.(CVE-2017-9049) - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer
    last seen2020-03-26
    modified2020-03-20
    plugin id134734
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134734
    titleEulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1268)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3B782350FF.NASL
    descriptionFix few CVEs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120363
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120363
    titleFedora 28 : libxml2 (2018-3b782350ff)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2491.NASL
    descriptionAccording to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663) - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567) - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872) - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer
    last seen2020-05-08
    modified2019-12-04
    plugin id131644
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131644
    titleEulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2626.NASL
    descriptionAccording to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.Security Fix(es):** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states
    last seen2020-05-08
    modified2019-12-18
    plugin id132161
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132161
    titleEulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2626)

Redhat

advisories
bugzilla
id1595985
titleCVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentlibxml2-debugsource is earlier than 0:2.9.7-7.el8
          ovaloval:com.redhat.rhsa:tst:20201827001
        • commentlibxml2-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201827002
      • AND
        • commentlibxml2-devel is earlier than 0:2.9.7-7.el8
          ovaloval:com.redhat.rhsa:tst:20201827003
        • commentlibxml2-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749004
      • AND
        • commentpython3-libxml2 is earlier than 0:2.9.7-7.el8
          ovaloval:com.redhat.rhsa:tst:20201827005
        • commentpython3-libxml2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20201827006
      • AND
        • commentlibxml2 is earlier than 0:2.9.7-7.el8
          ovaloval:com.redhat.rhsa:tst:20201827007
        • commentlibxml2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111749006
rhsa
idRHSA-2020:1827
released2020-04-28
severityModerate
titleRHSA-2020:1827: libxml2 security update (Moderate)
rpms
  • libxml2-0:2.9.7-7.el8
  • libxml2-debuginfo-0:2.9.7-7.el8
  • libxml2-debugsource-0:2.9.7-7.el8
  • libxml2-devel-0:2.9.7-7.el8
  • python3-libxml2-0:2.9.7-7.el8
  • python3-libxml2-debuginfo-0:2.9.7-7.el8