ID de Prueba:	1.3.6.1.4.1.25623.1.0.61307
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0649
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0649. libxslt is a library for transforming XML files into other XML files using the standard XSLT stylesheet transformation mechanism. A heap buffer overflow flaw was discovered in the RC4 libxslt library extension. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute arbitrary code with the privileges of the application using the libxslt library to perform XSL transformations on untrusted XSL style sheets. (CVE-2008-2935) Red Hat would like to thank Chris Evans for reporting this vulnerability. All libxslt users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0649.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2935 1020596 http://www.securitytracker.com/id?1020596 20080731 [oCERT-2008-009] libxslt heap overflow http://www.securityfocus.com/archive/1/494976/100/0/threaded 20080801 libxslt heap overflow http://www.securityfocus.com/archive/1/495018/100/0/threaded 20081027 rPSA-2008-0306-1 libxslt http://www.securityfocus.com/archive/1/497829/100/0/threaded 30467 http://www.securityfocus.com/bid/30467 31230 http://secunia.com/advisories/31230 31310 http://secunia.com/advisories/31310 31331 http://secunia.com/advisories/31331 31363 http://secunia.com/advisories/31363 31395 http://secunia.com/advisories/31395 31399 http://secunia.com/advisories/31399 32453 http://secunia.com/advisories/32453 4078 http://securityreason.com/securityalert/4078 ADV-2008-2266 http://www.vupen.com/english/advisories/2008/2266/references DSA-1624 http://www.debian.org/security/2008/dsa-1624 FEDORA-2008-7029 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html FEDORA-2008-7062 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html GLSA-200808-06 http://security.gentoo.org/glsa/glsa-200808-06.xml MDVSA-2008:160 http://www.mandriva.com/security/advisories?name=MDVSA-2008:160 RHSA-2008:0649 http://www.redhat.com/support/errata/RHSA-2008-0649.html USN-633-1 http://www.ubuntu.com/usn/usn-633-1 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306 http://www.ocert.org/advisories/ocert-2008-009.html http://www.ocert.org/patches/exslt_crypt.patch http://www.scary.beasts.org/security/CESA-2008-003.html libxslt-multiple-crypto-bo(44141) https://exchange.xforce.ibmcloud.com/vulnerabilities/44141 oval:org.mitre.oval:def:10827 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.