Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:180-1 (libxml2)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61525

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:180-1 (libxml2)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to libxml2
announced via advisory MDVSA-2008:180-1.

Andreas Solberg found a denial of service flaw in how libxml2 processed
certain content. If an application linked against libxml2 processed
such malformed XML content, it could cause the application to stop
responding (CVE-2008-3281).

Update:

The original fix used to correct this issue caused some applications
that used the libxml2 library to crash. These new updated packages
use a different fix that does not cause certain linked applications
to crash as the old packages did.

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:180-1

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3281
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 30783
http://www.securityfocus.com/bid/30783
Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search)
http://www.securityfocus.com/archive/1/497962/100/0/threaded
Debian Security Information: DSA-1631 (Google Search)
http://www.debian.org/security/2008/dsa-1631
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:180
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
http://lists.vmware.com/pipermail/security-announce/2008/000039.html
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812
RedHat Security Advisories: RHSA-2008:0836
https://rhn.redhat.com/errata/RHSA-2008-0836.html
http://www.securitytracker.com/id?1020728
http://secunia.com/advisories/31558
http://secunia.com/advisories/31566
http://secunia.com/advisories/31590
http://secunia.com/advisories/31728
http://secunia.com/advisories/31748
http://secunia.com/advisories/31855
http://secunia.com/advisories/31982
http://secunia.com/advisories/32488
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/35379
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.ubuntu.com/usn/usn-640-1
https://usn.ubuntu.com/644-1/
http://www.vupen.com/english/advisories/2008/2419
http://www.vupen.com/english/advisories/2008/2843
http://www.vupen.com/english/advisories/2008/2971
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61525
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:180-1 (libxml2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to libxml2 announced via advisory MDVSA-2008:180-1. Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281). Update: The original fix used to correct this issue caused some applications that used the libxml2 library to crash. These new updated packages use a different fix that does not cause certain linked applications to crash as the old packages did. Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:180-1 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3281 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 30783 http://www.securityfocus.com/bid/30783 Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff (Google Search) http://www.securityfocus.com/archive/1/497962/100/0/threaded Debian Security Information: DSA-1631 (Google Search) http://www.debian.org/security/2008/dsa-1631 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html http://security.gentoo.org/glsa/glsa-200812-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:180 http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 http://www.vmware.com/security/advisories/VMSA-2008-0017.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812 RedHat Security Advisories: RHSA-2008:0836 https://rhn.redhat.com/errata/RHSA-2008-0836.html http://www.securitytracker.com/id?1020728 http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/31728 http://secunia.com/advisories/31748 http://secunia.com/advisories/31855 http://secunia.com/advisories/31982 http://secunia.com/advisories/32488 http://secunia.com/advisories/32807 http://secunia.com/advisories/32974 http://secunia.com/advisories/35379 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-640-1 https://usn.ubuntu.com/644-1/ http://www.vupen.com/english/advisories/2008/2419 http://www.vupen.com/english/advisories/2008/2843 http://www.vupen.com/english/advisories/2008/2971 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com