Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0214)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0214

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0214)

Zusammenfassung: The remote host is missing an update for the 'expat' package(s) announced via the MGASA-2017-0214 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'expat' package(s) announced via the MGASA-2017-0214 advisory.

Vulnerability Insight:
Gustavo Grieco discovered an integer overflow flaw during parsing of
XML. An attacker can take advantage of this flaw to cause a denial of
service against an application using the Expat library (CVE-2016-9063).

Rhodri James discovered an infinite loop vulnerability within the
entityValueInitProcessor() function while parsing malformed XML in an
external entity. An attacker can take advantage of this flaw to cause a
denial of service against an application using the Expat library
(CVE-2017-9233).

Affected Software/OS:
'expat' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-9063
BugTraq ID: 94337
http://www.securityfocus.com/bid/94337
Debian Security Information: DSA-3898 (Google Search)
https://www.debian.org/security/2017/dsa-3898
http://www.securitytracker.com/id/1037298
http://www.securitytracker.com/id/1039427
Common Vulnerability Exposure (CVE) ID: CVE-2017-9233
BugTraq ID: 99276
http://www.securityfocus.com/bid/99276
http://www.debian.org/security/2017/dsa-3898
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
http://www.openwall.com/lists/oss-security/2017/06/17/7

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0214
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0214)
Zusammenfassung:	The remote host is missing an update for the 'expat' package(s) announced via the MGASA-2017-0214 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'expat' package(s) announced via the MGASA-2017-0214 advisory. Vulnerability Insight: Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library (CVE-2016-9063). Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library (CVE-2017-9233). Affected Software/OS: 'expat' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9063 BugTraq ID: 94337 http://www.securityfocus.com/bid/94337 Debian Security Information: DSA-3898 (Google Search) https://www.debian.org/security/2017/dsa-3898 http://www.securitytracker.com/id/1037298 http://www.securitytracker.com/id/1039427 Common Vulnerability Exposure (CVE) ID: CVE-2017-9233 BugTraq ID: 99276 http://www.securityfocus.com/bid/99276 http://www.debian.org/security/2017/dsa-3898 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E http://www.openwall.com/lists/oss-security/2017/06/17/7
Copyright	Copyright (C) 2022 Greenbone AG