Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2013.0193
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2013-0193)
Zusammenfassung:	The remote host is missing an update for the 'xml-security-c' package(s) announced via the MGASA-2013-0193 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'xml-security-c' package(s) announced via the MGASA-2013-0193 advisory. Vulnerability Insight: The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content (CVE-2013-2153). A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2154). A bug in the processing of the output length of an HMAC-based XML Signature would cause a denial of service when processing specially chosen input (CVE-2013-2155). A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution (CVE-2013-2156). The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2210). Affected Software/OS: 'xml-security-c' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2153 Debian Security Information: DSA-2710 (Google Search) http://www.debian.org/security/2013/dsa-2710 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0140.html http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?r1=1125514&r2=1493959&pathrev=1493959&diff_format=h https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2013-2154 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0141.html Common Vulnerability Exposure (CVE) ID: CVE-2013-2155 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0142.html http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h Common Vulnerability Exposure (CVE) ID: CVE-2013-2156 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0143.html http://svn.apache.org/viewvc?view=revision&revision=1493961 Common Vulnerability Exposure (CVE) ID: CVE-2013-2210 20130626 CVE-2013-2210 http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html DSA-2717 http://www.debian.org/security/2013/dsa-2717 [santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E [santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E http://santuario.apache.org/secadv.data/CVE-2013-2210.txt https://www.tenable.com/security/tns-2018-15
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.