Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:0988

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61816

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2008:0988

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2008:0988.

libxml2 is a library for parsing and manipulating XML files. It includes
support for reading, modifying, and writing XML and HTML files.

An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0988.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4225
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 32331
http://www.securityfocus.com/bid/32331
Debian Security Information: DSA-1666 (Google Search)
http://www.debian.org/security/2008/dsa-1666
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:231
http://www.osvdb.org/49992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6415
http://www.redhat.com/support/errata/RHSA-2008-0988.html
http://securitytracker.com/id?1021239
http://secunia.com/advisories/32762
http://secunia.com/advisories/32764
http://secunia.com/advisories/32766
http://secunia.com/advisories/32773
http://secunia.com/advisories/32802
http://secunia.com/advisories/32807
http://secunia.com/advisories/32811
http://secunia.com/advisories/32974
http://secunia.com/advisories/33417
http://secunia.com/advisories/33746
http://secunia.com/advisories/33792
http://secunia.com/advisories/34247
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974
http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://www.ubuntu.com/usn/usn-673-1
http://www.vupen.com/english/advisories/2008/3176
http://www.vupen.com/english/advisories/2009/0034
http://www.vupen.com/english/advisories/2009/0301
http://www.vupen.com/english/advisories/2009/0323
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
Common Vulnerability Exposure (CVE) ID: CVE-2008-4226
BugTraq ID: 32326
http://www.securityfocus.com/bid/32326
HPdes Security Advisory: HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
HPdes Security Advisory: SSRT100079
http://www.osvdb.org/49993
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888
http://securitytracker.com/id?1021238
http://secunia.com/advisories/32872
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61816
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0988
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0988. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0988.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4225 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 32331 http://www.securityfocus.com/bid/32331 Debian Security Information: DSA-1666 (Google Search) http://www.debian.org/security/2008/dsa-1666 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html http://security.gentoo.org/glsa/glsa-200812-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:231 http://www.osvdb.org/49992 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6234 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6415 http://www.redhat.com/support/errata/RHSA-2008-0988.html http://securitytracker.com/id?1021239 http://secunia.com/advisories/32762 http://secunia.com/advisories/32764 http://secunia.com/advisories/32766 http://secunia.com/advisories/32773 http://secunia.com/advisories/32802 http://secunia.com/advisories/32807 http://secunia.com/advisories/32811 http://secunia.com/advisories/32974 http://secunia.com/advisories/33417 http://secunia.com/advisories/33746 http://secunia.com/advisories/33792 http://secunia.com/advisories/34247 http://secunia.com/advisories/35379 http://secunia.com/advisories/36173 http://secunia.com/advisories/36235 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974 http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 http://www.ubuntu.com/usn/usn-673-1 http://www.vupen.com/english/advisories/2008/3176 http://www.vupen.com/english/advisories/2009/0034 http://www.vupen.com/english/advisories/2009/0301 http://www.vupen.com/english/advisories/2009/0323 http://www.vupen.com/english/advisories/2009/1522 http://www.vupen.com/english/advisories/2009/1621 Common Vulnerability Exposure (CVE) ID: CVE-2008-4226 BugTraq ID: 32326 http://www.securityfocus.com/bid/32326 HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: SSRT100079 http://www.osvdb.org/49993 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888 http://securitytracker.com/id?1021238 http://secunia.com/advisories/32872 SuSE Security Announcement: SUSE-SR:2008:026 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com