Test ID:	1.3.6.1.4.1.25623.1.1.4.2017.0164.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2017:0164-1)
Summary:	The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2017:0164-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the SUSE-SU-2017:0164-1 advisory. Vulnerability Insight: This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (bsc#1010675). * Prevent NULL dereference in xpointer.c and xmlDumpElementContent, and infinite recursion in xmlParseConditionalSections when in recovery mode(bnc#1014873) Affected Software/OS: 'libxml2' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server for SAP Applications 11-SP4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9318 BugTraq ID: 94347 http://www.securityfocus.com/bid/94347 https://security.gentoo.org/glsa/201711-01 https://bugzilla.gnome.org/show_bug.cgi?id=772726 https://github.com/lsh123/xmlsec/issues/43 https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://usn.ubuntu.com/3739-1/ https://usn.ubuntu.com/3739-2/
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.