wid-sec-w-2023-0920
Vulnerability from csaf_certbund
Published
2023-04-11 22:00
Modified
2024-06-11 22:00
Summary
libxml2: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libxml2 ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "libxml ist ein C Parser und Toolkit, welches f\u00fcr das Gnome Projekt entwickelt wurde.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libxml2 ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0920 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0920.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0920 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0920"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:0413"
},
{
"category": "external",
"summary": "Red Hat Bugzilla Bug ID: 2185984 vom 2023-04-11",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984"
},
{
"category": "external",
"summary": "Red Hat Bugzilla Bug ID: 2185994 vom 2023-04-11",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-A521B917C8 vom 2023-04-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a521b917c8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2023-DAE7CC20AC vom 2023-04-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-dae7cc20ac"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6028-1 vom 2023-04-19",
"url": "https://ubuntu.com/security/notices/USN-6028-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5391 vom 2023-04-20",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00081.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2048-1 vom 2023-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014596.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2054-1 vom 2023-04-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014613.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2053-1 vom 2023-04-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014614.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3405 vom 2023-04-30",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-2021 vom 2023-05-03",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2021.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1743 vom 2023-05-04",
"url": "https://alas.aws.amazon.com/ALAS-2023-1743.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0119 vom 2024-01-11",
"url": "http://linux.oracle.com/errata/ELSA-2024-0119.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-20 vom 2023-05-11",
"url": "https://de.tenable.com/security/tns-2023-20"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20230601-0006 vom 2023-06-01",
"url": "https://security.netapp.com/advisory/ntap-20230601-0006/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6028-2 vom 2023-06-07",
"url": "https://ubuntu.com/security/notices/USN-6028-2"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7002473 vom 2023-06-08",
"url": "https://www.ibm.com/support/pages/node/7002473"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6028-2 vom 2023-06-07",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023060730"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7002439 vom 2023-06-08",
"url": "https://www.ibm.com/support/pages/node/7002439"
},
{
"category": "external",
"summary": "Security Update for Dell NetWorker",
"url": "https://www.dell.com/support/kbdoc/de-de/000215498/dsa-2023-232-security-update-for-networker-libxml2-2-6-26"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6985269 vom 2023-07-25",
"url": "https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory5.asc"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4349 vom 2023-08-01",
"url": "https://access.redhat.com/errata/RHSA-2023:4349"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4529 vom 2023-08-08",
"url": "https://access.redhat.com/errata/RHSA-2023:4529"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-4529 vom 2023-08-10",
"url": "https://linux.oracle.com/errata/ELSA-2023-4529.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-4349 vom 2023-08-10",
"url": "https://oss.oracle.com/pipermail/el-errata/2023-August/014293.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4628 vom 2023-08-15",
"url": "https://access.redhat.com/errata/RHSA-2023:4628"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4982 vom 2023-09-05",
"url": "https://access.redhat.com/errata/RHSA-2023:4982"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3665-1 vom 2023-09-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016187.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202402-11 vom 2024-02-09",
"url": "https://security.gentoo.org/glsa/202402-11"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-317 vom 2023-11-13",
"url": "https://www.dell.com/support/kbdoc/de-de/000219148/dsa-2023-317-security-update-for-dell-networker-vproxy-multiple-linux-packages-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7148376 vom 2024-04-16",
"url": "https://www.ibm.com/support/pages/node/7148376"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139592 vom 2024-05-16",
"url": "https://my.f5.com/manage/s/article/K000139592"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139641 vom 2024-05-16",
"url": "https://my.f5.com/manage/s/article/K000139641"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-248 vom 2024-06-11",
"url": "https://www.dell.com/support/kbdoc/de-de/000225945/dsa-2024-248-security-update-for-dell-networker-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "libxml2: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2024-06-11T22:00:00.000+00:00",
"generator": {
"date": "2024-06-12T08:10:34.213+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0920",
"initial_release_date": "2023-04-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-04-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-04-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-04-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-04-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-04-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-05-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-05-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-04T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-05-11T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-06-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2023-06-08T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu und IBM aufgenommen"
},
{
"date": "2023-07-04T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-07-25T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-08-01T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-08T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-09T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-08-10T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-08-15T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-05T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-09-18T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-12T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-24T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-08T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.9.0.1",
"product": {
"name": "Dell NetWorker \u003c19.9.0.1",
"product_id": "T028404",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.9.0.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003cvproxy 19.9.0.2",
"product": {
"name": "Dell NetWorker \u003cvproxy 19.9.0.2",
"product_id": "T030173",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.9.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003cvproxy 19.8.0.3",
"product": {
"name": "Dell NetWorker \u003cvproxy 19.8.0.3",
"product_id": "T030174",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy_19.8.0.3"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM AIX",
"product": {
"name": "IBM AIX",
"product_id": "5094",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "v10",
"product": {
"name": "IBM Power Hardware Management Console v10",
"product_id": "T023373",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:v10"
}
}
}
],
"category": "product_name",
"name": "Power Hardware Management Console"
},
{
"branches": [
{
"category": "product_version",
"name": "10.1",
"product": {
"name": "IBM TXSeries 10.1",
"product_id": "T028006",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:10.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.10.4",
"product": {
"name": "Open Source libxml2 \u003c2.10.4",
"product_id": "T027198",
"product_identification_helper": {
"cpe": "cpe:/a:xmlsoft:libxml2:2.10.4"
}
}
}
],
"category": "product_name",
"name": "libxml2"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services",
"product": {
"name": "Red Hat JBoss Core Services",
"product_id": "T012412",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "10.5.2",
"product": {
"name": "Tenable Security Nessus 10.5.2",
"product_id": "T027700",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus:10.5.2"
}
}
}
],
"category": "product_name",
"name": "Nessus"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-28484",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in libxml2. Diese sind auf NULL-Zeiger-Dereferenzierungen in \"xmlSchemaFixupComplexType\" sowie \"xmlSchemaCheckCOSSTDerivedOK\" zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T012412",
"T012167",
"T004914",
"T030174",
"T016960",
"T030173",
"74185",
"5094",
"2951",
"T002207",
"T000126",
"T024663",
"T027700",
"T028404",
"T001663",
"398363",
"T028006",
"T023373"
]
},
"release_date": "2023-04-11T22:00:00Z",
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-29469",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in libxml2. Diese ist darauf zur\u00fcckzuf\u00fchren, dass ein Hash-Vorgang eines leeren Strings nicht deterministisch ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T012412",
"T012167",
"T004914",
"T030174",
"T016960",
"T030173",
"74185",
"5094",
"2951",
"T002207",
"T000126",
"T024663",
"T027700",
"T028404",
"T001663",
"398363",
"T028006",
"T023373"
]
},
"release_date": "2023-04-11T22:00:00Z",
"title": "CVE-2023-29469"
}
]
}
Loading...