Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0088)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131249

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0088)

Resumen: The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2016-0088 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2016-0088 advisory.

Vulnerability Insight:
Updated xerces-c packages fix security vulnerability:

The Xerces-C XML parser mishandles certain kinds of malformed input documents,
resulting in buffer overlows during processing and error reporting. The
overflows can manifest as a segmentation fault or as memory corruption during
a parse operation. The bugs allow for a denial of service attack in many
applications by an unauthenticated attacker, and could conceivably result in
remote code execution (CVE-2016-0729).

Affected Software/OS:
'xerces-c' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-0729
BugTraq ID: 83423
http://www.securityfocus.com/bid/83423
Bugtraq: 20160225 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input (Google Search)
http://www.securityfocus.com/archive/1/537620/100/0/threaded
Debian Security Information: DSA-3493 (Google Search)
http://www.debian.org/security/2016/dsa-3493
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html
https://security.gentoo.org/glsa/201612-46
http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
http://www.securitytracker.com/id/1035113
SuSE Security Announcement: openSUSE-SU-2016:0966 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
SuSE Security Announcement: openSUSE-SU-2016:1121 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html
SuSE Security Announcement: openSUSE-SU-2016:1808 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131249
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0088)
Resumen:	The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2016-0088 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2016-0088 advisory. Vulnerability Insight: Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overlows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution (CVE-2016-0729). Affected Software/OS: 'xerces-c' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0729 BugTraq ID: 83423 http://www.securityfocus.com/bid/83423 Bugtraq: 20160225 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input (Google Search) http://www.securityfocus.com/archive/1/537620/100/0/threaded Debian Security Information: DSA-3493 (Google Search) http://www.debian.org/security/2016/dsa-3493 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html https://security.gentoo.org/glsa/201612-46 http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html http://www.securitytracker.com/id/1035113 SuSE Security Announcement: openSUSE-SU-2016:0966 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html SuSE Security Announcement: openSUSE-SU-2016:1121 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html SuSE Security Announcement: openSUSE-SU-2016:1808 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html
Copyright	Copyright (C) 2016 Greenbone AG