Mandrake Local Security Checks : Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.831362

Kategorie: Mandrake Local Security Checks

Titel: Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Zusammenfassung: The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'xmlsec1'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in xmlsec1:

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as
used in WebKit and other products, when XSLT is enabled, allows
remote attackers to create or overwrite arbitrary files via vectors
involving the libxslt output extension and a ds:Transform element
during signature verification (CVE-2011-1425).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
xmlsec1 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1425
BugTraq ID: 47135
http://www.securityfocus.com/bid/47135
Debian Security Information: DSA-2219 (Google Search)
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securitytracker.com/id?1025284
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.831362
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)
Zusammenfassung:	The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'xmlsec1' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification (CVE-2011-1425). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: xmlsec1 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1425 BugTraq ID: 47135 http://www.securityfocus.com/bid/47135 Debian Security Information: DSA-2219 (Google Search) http://www.debian.org/security/2011/dsa-2219 http://www.mandriva.com/security/advisories?name=MDVSA-2011:063 http://www.aleksey.com/pipermail/xmlsec/2011/009120.html http://www.redhat.com/support/errata/RHSA-2011-0486.html http://www.securitytracker.com/id?1025284 http://secunia.com/advisories/43920 http://secunia.com/advisories/44167 http://secunia.com/advisories/44423 http://www.vupen.com/english/advisories/2011/0855 http://www.vupen.com/english/advisories/2011/0858 http://www.vupen.com/english/advisories/2011/1010 http://www.vupen.com/english/advisories/2011/1172 XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506) https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Copyright	Copyright (C) 2011 Greenbone AG