Test Kennung:	1.3.6.1.4.1.25623.1.0.882043
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for xerces-j2 CESA-2014:1319 centos7
Zusammenfassung:	The remote host is missing an update for the 'xerces-j2'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'xerces-j2' package(s) announced via the referenced advisory. Vulnerability Insight: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect. Affected Software/OS: xerces-j2 on CentOS 7 Solution: Please install the updated packages. CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4002 AIX APAR: IC98015 http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015 http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html BugTraq ID: 61310 http://www.securityfocus.com/bid/61310 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02943 http://marc.info/?l=bugtraq&m=138674031212883&w=2 HPdes Security Advisory: HPSBUX02944 http://marc.info/?l=bugtraq&m=138674073720143&w=2 http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E RedHat Security Advisories: RHSA-2013:1059 http://rhn.redhat.com/errata/RHSA-2013-1059.html RedHat Security Advisories: RHSA-2013:1060 http://rhn.redhat.com/errata/RHSA-2013-1060.html RedHat Security Advisories: RHSA-2013:1081 http://rhn.redhat.com/errata/RHSA-2013-1081.html RedHat Security Advisories: RHSA-2013:1440 http://rhn.redhat.com/errata/RHSA-2013-1440.html RedHat Security Advisories: RHSA-2013:1447 http://rhn.redhat.com/errata/RHSA-2013-1447.html RedHat Security Advisories: RHSA-2013:1451 http://rhn.redhat.com/errata/RHSA-2013-1451.html RedHat Security Advisories: RHSA-2013:1505 http://rhn.redhat.com/errata/RHSA-2013-1505.html RedHat Security Advisories: RHSA-2014:0414 https://access.redhat.com/errata/RHSA-2014:0414 RedHat Security Advisories: RHSA-2014:1818 http://rhn.redhat.com/errata/RHSA-2014-1818.html RedHat Security Advisories: RHSA-2014:1821 http://rhn.redhat.com/errata/RHSA-2014-1821.html RedHat Security Advisories: RHSA-2014:1822 http://rhn.redhat.com/errata/RHSA-2014-1822.html RedHat Security Advisories: RHSA-2014:1823 http://rhn.redhat.com/errata/RHSA-2014-1823.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0773 http://rhn.redhat.com/errata/RHSA-2015-0773.html http://secunia.com/advisories/56257 SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html http://www.ubuntu.com/usn/USN-2033-1 http://www.ubuntu.com/usn/USN-2089-1 XForce ISS Database: ibm-java-cve20134002-dos(85260) https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.