ID de Prueba:	1.3.6.1.4.1.25623.1.0.60957
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0287
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0287. libxslt is a C library, based on libxml, for parsing of XML files into other textual formats (eg HTML, plain text and other XML representations of the underlying data). It uses the standard XSLT stylesheet transformation mechanism and, being written in plain ANSI C, is designed to be simple to incorporate into other applications Anthony de Almeida Lopes reported the libxslt library did not properly process long transformation match conditions in the XSL stylesheet files. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the application using libxslt library to perform XSL transformations. (CVE-2008-1767) All users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0287.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1767 http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html BugTraq ID: 29312 http://www.securityfocus.com/bid/29312 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 Debian Security Information: DSA-1589 (Google Search) http://www.debian.org/security/2008/dsa-1589 http://security.gentoo.org/glsa/glsa-200806-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:151 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9785 http://www.redhat.com/support/errata/RHSA-2008-0287.html http://www.securitytracker.com/id?1020071 http://secunia.com/advisories/30315 http://secunia.com/advisories/30323 http://secunia.com/advisories/30393 http://secunia.com/advisories/30521 http://secunia.com/advisories/30717 http://secunia.com/advisories/31074 http://secunia.com/advisories/31363 http://secunia.com/advisories/32222 http://secunia.com/advisories/32706 SuSE Security Announcement: SUSE-SR:2008:013 (Google Search) http://www.novell.com/linux/security/advisories/2008_13_sr.html http://www.ubuntu.com/usn/usn-633-1 http://www.vupen.com/english/advisories/2008/1580/references http://www.vupen.com/english/advisories/2008/2094/references http://www.vupen.com/english/advisories/2008/2780 XForce ISS Database: libxslt-xsl-bo(42560) https://exchange.xforce.ibmcloud.com/vulnerabilities/42560
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.