Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2013:056 | First vendor Publication | 2013-04-08 |
| Vendor | Mandriva | Last vendor Modification | 2013-04-08 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities was found and corrected in libxml2: A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption (CVE-2013-0338). An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct these issues. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17574 | |||
| Oval ID: | oval:org.mitre.oval:def:17574 | ||
| Title: | USN-1447-1 -- libxml2 vulnerability | ||
| Description: | Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1447-1 CVE-2011-3102 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17901 | |||
| Oval ID: | oval:org.mitre.oval:def:17901 | ||
| Title: | USN-1656-1 -- libxml2 vulnerability | ||
| Description: | Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1656-1 CVE-2012-5134 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18162 | |||
| Oval ID: | oval:org.mitre.oval:def:18162 | ||
| Title: | USN-1587-1 -- libxml2 vulnerability | ||
| Description: | Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1587-1 CVE-2012-2807 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18166 | |||
| Oval ID: | oval:org.mitre.oval:def:18166 | ||
| Title: | USN-1782-1 -- libxml2 vulnerability | ||
| Description: | libxml2 could be made to hang if it received specially crafted input. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1782-1 CVE-2013-0338 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18539 | |||
| Oval ID: | oval:org.mitre.oval:def:18539 | ||
| Title: | DSA-2479-1 libxml2 - off-by-one | ||
| Description: | Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2479-1 CVE-2011-3102 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19412 | |||
| Oval ID: | oval:org.mitre.oval:def:19412 | ||
| Title: | DSA-2580-1 libxml2 - buffer overflow | ||
| Description: | Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2580-1 CVE-2012-5134 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20171 | |||
| Oval ID: | oval:org.mitre.oval:def:20171 | ||
| Title: | DSA-2521-1 libxml2 - integer overflows | ||
| Description: | Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2521-1 CVE-2012-2807 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20411 | |||
| Oval ID: | oval:org.mitre.oval:def:20411 | ||
| Title: | VMware ESXi and ESX security update for third party library | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-5134 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20491 | |||
| Oval ID: | oval:org.mitre.oval:def:20491 | ||
| Title: | VMware vSphere, ESX and ESXi updates to third party libraries | ||
| Description: | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0338 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20521 | |||
| Oval ID: | oval:org.mitre.oval:def:20521 | ||
| Title: | VMware vSphere security updates for the authentication service and third party libraries | ||
| Description: | Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-3102 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20612 | |||
| Oval ID: | oval:org.mitre.oval:def:20612 | ||
| Title: | VMware vSphere security updates for the authentication service and third party libraries | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-2807 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20771 | |||
| Oval ID: | oval:org.mitre.oval:def:20771 | ||
| Title: | RHSA-2013:0217: mingw32-libxml2 security update (Important) | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0217-01 CESA-2013:0217 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 | Version: | 157 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | mingw32-libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20894 | |||
| Oval ID: | oval:org.mitre.oval:def:20894 | ||
| Title: | RHSA-2013:0581: libxml2 security update (Moderate) | ||
| Description: | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0581-01 CESA-2013:0581 CVE-2013-0338 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21578 | |||
| Oval ID: | oval:org.mitre.oval:def:21578 | ||
| Title: | RHSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1288-01 CESA-2012:1288 CVE-2011-3102 CVE-2012-2807 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21665 | |||
| Oval ID: | oval:org.mitre.oval:def:21665 | ||
| Title: | RHSA-2012:1512: libxml2 security update (Important) | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1512-01 CESA-2012:1512 CVE-2012-5134 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23288 | |||
| Oval ID: | oval:org.mitre.oval:def:23288 | ||
| Title: | DEPRECATED: ELSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1288-01 CVE-2011-3102 CVE-2012-2807 | Version: | 14 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23439 | |||
| Oval ID: | oval:org.mitre.oval:def:23439 | ||
| Title: | DEPRECATED: ELSA-2012:1512: libxml2 security update (Important) | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1512-01 CVE-2012-5134 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23449 | |||
| Oval ID: | oval:org.mitre.oval:def:23449 | ||
| Title: | ELSA-2013:0581: libxml2 security update (Moderate) | ||
| Description: | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0581-01 CVE-2013-0338 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23888 | |||
| Oval ID: | oval:org.mitre.oval:def:23888 | ||
| Title: | ELSA-2013:0217: mingw32-libxml2 security update (Important) | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0217-01 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919 CVE-2012-0841 CVE-2012-5134 | Version: | 49 |
| Platform(s): | Oracle Linux 6 | Product(s): | mingw32-libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23922 | |||
| Oval ID: | oval:org.mitre.oval:def:23922 | ||
| Title: | ELSA-2012:1512: libxml2 security update (Important) | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1512-01 CVE-2012-5134 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23945 | |||
| Oval ID: | oval:org.mitre.oval:def:23945 | ||
| Title: | ELSA-2012:1288: libxml2 security update (Moderate) | ||
| Description: | Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1288-01 CVE-2011-3102 CVE-2012-2807 | Version: | 13 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23965 | |||
| Oval ID: | oval:org.mitre.oval:def:23965 | ||
| Title: | DEPRECATED: ELSA-2013:0581: libxml2 security update (Moderate) | ||
| Description: | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0581-01 CVE-2013-0338 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26593 | |||
| Oval ID: | oval:org.mitre.oval:def:26593 | ||
| Title: | Allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact | ||
| Description: | Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3102 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26819 | |||
| Oval ID: | oval:org.mitre.oval:def:26819 | ||
| Title: | Allows remote attackers to cause a denial of service or possibly execute arbitrary code | ||
| Description: | Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5134 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27000 | |||
| Oval ID: | oval:org.mitre.oval:def:27000 | ||
| Title: | DEPRECATED: ELSA-2013-0581 -- libxml2 security update (moderate) | ||
| Description: | [2.7.6-12.0.1.el6_4.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0581 CVE-2013-0338 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27133 | |||
| Oval ID: | oval:org.mitre.oval:def:27133 | ||
| Title: | DEPRECATED: ELSA-2012-1512 -- libxml2 security update (important) | ||
| Description: | [2.7.6-8.0.1.el6_3.4 ] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-8.el6_3.4] - fix out of range heap access (CVE-2012-5134) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1512 CVE-2012-5134 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27385 | |||
| Oval ID: | oval:org.mitre.oval:def:27385 | ||
| Title: | DEPRECATED: ELSA-2013-0217 -- mingw32-libxml2 security update (important) | ||
| Description: | [2.7.6-6] - Synchronize patch-set with mainline-version. - Bump version to 5, 6. Related: rhbz#891477 [2.7.6-4] - Change release number to 4. - Added patch libxml2-Fix-an-off-by-one-pointer-access.patch - Added patch libxml2-Fix-a-segfault-on-XSD-validation-on-pattern-error.patch - Added patch libxml2-Fix-entities-local-buffers-size-problems.patch - Added patch libxml2-gnome-bug-561340-fix.patch - Added patch for CVE-2012-0841 - Added patch for CVE-2011-0216 - Added patch for CVE-2011-2834 - Added patch for CVE-2011-3919 - Added patch for CVE-2011-1944 - Added patch for CVE-2011-3905 Related: rhbz#891477 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0217 CVE-2012-0841 CVE-2011-3905 CVE-2011-3919 CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944 CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2012-5134 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | mingw32-libxml2 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27761 | |||
| Oval ID: | oval:org.mitre.oval:def:27761 | ||
| Title: | DEPRECATED: ELSA-2012-1288 -- libxml2 security update (moderate) | ||
| Description: | [2.7.6-8.0.1.el6_3.3 ] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.7.6-8.el6_3.3] - Change the XPath code to percolate allocation error (CVE-2011-1944) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1288 CVE-2011-3102 CVE-2012-2807 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libxml2 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-14 | Name : SuSE Update for Chromium openSUSE-SU-2012:1637-1 (Chromium) File : nvt/gb_suse_2012_1637_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0656-1 (update) File : nvt/gb_suse_2012_0656_1.nasl |
| 2012-12-06 | Name : Ubuntu Update for libxml2 USN-1656-1 File : nvt/gb_ubuntu_USN_1656_1.nasl |
| 2012-12-04 | Name : Mandriva Update for libxml2 MDVSA-2012:176 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_176.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Windows) File : nvt/gb_google_chrome_mult_vuln01_dec12_win.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln01_dec12_macosx.nasl |
| 2012-12-04 | Name : Google Chrome Multiple Vulnerabilities-01 Dec2012 (Linux) File : nvt/gb_google_chrome_mult_vuln01_dec12_lin.nasl |
| 2012-12-04 | Name : RedHat Update for libxml2 RHSA-2012:1512-01 File : nvt/gb_RHSA-2012_1512-01_libxml2.nasl |
| 2012-12-04 | Name : CentOS Update for libxml2 CESA-2012:1512 centos6 File : nvt/gb_CESA-2012_1512_libxml2_centos6.nasl |
| 2012-12-04 | Name : CentOS Update for libxml2 CESA-2012:1512 centos5 File : nvt/gb_CESA-2012_1512_libxml2_centos5.nasl |
| 2012-12-04 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium24.nasl |
| 2012-12-04 | Name : Debian Security Advisory DSA 2580-1 (libxml2) File : nvt/deb_2580_1.nasl |
| 2012-10-03 | Name : Fedora Update for libxml2 FEDORA-2012-13824 File : nvt/gb_fedora_2012_13824_libxml2_fc16.nasl |
| 2012-10-03 | Name : Ubuntu Update for libxml2 USN-1587-1 File : nvt/gb_ubuntu_USN_1587_1.nasl |
| 2012-09-27 | Name : Fedora Update for libxml2 FEDORA-2012-13820 File : nvt/gb_fedora_2012_13820_libxml2_fc17.nasl |
| 2012-09-22 | Name : RedHat Update for libxml2 RHSA-2012:1288-01 File : nvt/gb_RHSA-2012_1288-01_libxml2.nasl |
| 2012-09-22 | Name : CentOS Update for libxml2 CESA-2012:1288 centos6 File : nvt/gb_CESA-2012_1288_libxml2_centos6.nasl |
| 2012-09-22 | Name : CentOS Update for libxml2 CESA-2012:1288 centos5 File : nvt/gb_CESA-2012_1288_libxml2_centos5.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201207-02 (libxml2) File : nvt/glsa_201207_02.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2521-1 (libxml2) File : nvt/deb_2521_1.nasl |
| 2012-08-09 | Name : Mandriva Update for libxml2 MDVSA-2012:126 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_126.nasl |
| 2012-06-22 | Name : Mandriva Update for libxml2 MDVSA-2012:098 (libxml2) File : nvt/gb_mandriva_MDVSA_2012_098.nasl |
| 2012-05-31 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml23.nasl |
| 2012-05-31 | Name : Debian Security Advisory DSA 2479-1 (libxml2) File : nvt/deb_2479_1.nasl |
| 2012-05-22 | Name : Ubuntu Update for libxml2 USN-1447-1 File : nvt/gb_ubuntu_USN_1447_1.nasl |
| 2012-05-17 | Name : Google Chrome Multiple Vulnerabilities - May 12 (Windows) File : nvt/gb_google_chrome_mult_vuln_may12_win.nasl |
| 2012-05-17 | Name : Google Chrome Multiple Vulnerabilities - May 12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_may12_macosx.nasl |
| 2012-05-17 | Name : Google Chrome Multiple Vulnerabilities - May 12 (Linux) File : nvt/gb_google_chrome_mult_vuln_may12_lin.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-02-07 | IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0036787 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0004_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1627-1.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by multiple vulnerabilities. File : oracle_http_server_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO |
| 2015-01-23 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10669.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20130716.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20121120.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxml2_20130702.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxslt_20130716.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1324.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-263.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-295.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-320.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-355.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-501.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-845.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-854.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_4.nasl - Type : ACT_GATHER_INFO |
| 2014-01-23 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_4_banner.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_1022489_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-06.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_11_1_2.nasl - Type : ACT_GATHER_INFO |
| 2013-10-24 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_11_1_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_6_0.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-134.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-143.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-188.nasl - Type : ACT_GATHER_INFO |
| 2013-08-02 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO |
| 2013-07-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-198.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1512.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0581.nasl - Type : ACT_GATHER_INFO |
| 2013-05-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-130320.nasl - Type : ACT_GATHER_INFO |
| 2013-05-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-8513.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-056.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_843a4641981611e29c51080027019be0.nasl - Type : ACT_GATHER_INFO |
| 2013-03-29 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2013-0004.nasl - Type : ACT_GATHER_INFO |
| 2013-03-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1782-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2652.nasl - Type : ACT_GATHER_INFO |
| 2013-03-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0581.nasl - Type : ACT_GATHER_INFO |
| 2013-03-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0581.nasl - Type : ACT_GATHER_INFO |
| 2013-03-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130228_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130131_mingw32_libxml2_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2013-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0217.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-121207.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-120718.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-120530.nasl - Type : ACT_GATHER_INFO |
| 2012-12-07 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-341-03.nasl - Type : ACT_GATHER_INFO |
| 2012-12-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1656-1.nasl - Type : ACT_GATHER_INFO |
| 2012-12-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2580.nasl - Type : ACT_GATHER_INFO |
| 2012-12-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-176.nasl - Type : ACT_GATHER_INFO |
| 2012-11-30 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121129_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1512.nasl - Type : ACT_GATHER_INFO |
| 2012-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1512.nasl - Type : ACT_GATHER_INFO |
| 2012-11-28 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4d64fc61387811e2a4eb00262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-11-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_23_0_1271_91.nasl - Type : ACT_GATHER_INFO |
| 2012-09-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1587-1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13824.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-13820.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120918_libxml2_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1288.nasl - Type : ACT_GATHER_INFO |
| 2012-09-07 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-8235.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-126.nasl - Type : ACT_GATHER_INFO |
| 2012-08-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2521.nasl - Type : ACT_GATHER_INFO |
| 2012-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201207-02.nasl - Type : ACT_GATHER_INFO |
| 2012-06-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-8156.nasl - Type : ACT_GATHER_INFO |
| 2012-06-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-098.nasl - Type : ACT_GATHER_INFO |
| 2012-05-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2479.nasl - Type : ACT_GATHER_INFO |
| 2012-05-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1447-1.nasl - Type : ACT_GATHER_INFO |
| 2012-05-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b8ae4659a0da11e1a294bcaec565249c.nasl - Type : ACT_GATHER_INFO |
| 2012-05-16 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_19_0_1084_46.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:43:27 |
|
| 2013-09-27 21:23:27 |
|
| 2013-04-26 13:20:19 |
|
| 2013-04-08 17:18:31 |
|
