ID de Prueba:	1.3.6.1.4.1.25623.1.0.66239
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1572
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1572.;;The 4Suite package contains XML-related tools and libraries for Python,;including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer.;;A buffer over-read flaw was found in the way 4Suite's XML parser handles;malformed UTF-8 sequences when processing XML files. A specially-crafted;XML file could cause applications using the 4Suite library to crash while;parsing the file. (CVE-2009-3720);;Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default;configuration of the 4Suite package: configurations where the beta version;of the cDomlette module is enabled.;;All 4Suite users should upgrade to this updated package, which contains a;backported patch to correct this issue. After installing the updated;package, applications using the 4Suite XML-related tools and libraries must;be restarted for the update to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1572. The 4Suite package contains XML-related tools and libraries for Python, including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer. A buffer over-read flaw was found in the way 4Suite's XML parser handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using the 4Suite library to crash while parsing the file. (CVE-2009-3720) Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default configuration of the 4Suite package: configurations where the beta version of the cDomlette module is enabled. All 4Suite users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, applications using the 4Suite XML-related tools and libraries must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3720 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html HPdes Security Advisory: HPSBUX02645 http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2009:211 http://www.mandriva.com/security/advisories?name=MDVSA-2009:212 http://www.mandriva.com/security/advisories?name=MDVSA-2009:215 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:218 http://www.mandriva.com/security/advisories?name=MDVSA-2009:219 http://www.mandriva.com/security/advisories?name=MDVSA-2009:220 http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127 http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2009/08/21/2 http://www.openwall.com/lists/oss-security/2009/08/26/4 http://www.openwall.com/lists/oss-security/2009/08/26/3 http://www.openwall.com/lists/oss-security/2009/08/27/6 http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/23/2 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/22/5 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 http://www.openwall.com/lists/oss-security/2009/10/28/3 http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112 http://www.redhat.com/support/errata/RHSA-2010-0002.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://www.securitytracker.com/id?1023160 http://secunia.com/advisories/37324 http://secunia.com/advisories/37537 http://secunia.com/advisories/37925 http://secunia.com/advisories/38050 http://secunia.com/advisories/38231 http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://secunia.com/advisories/38834 http://secunia.com/advisories/39478 http://secunia.com/advisories/41701 http://secunia.com/advisories/42326 http://secunia.com/advisories/42338 http://secunia.com/advisories/43300 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1 SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.ubuntu.com/usn/USN-890-6 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0896 http://www.vupen.com/english/advisories/2010/1107 http://www.vupen.com/english/advisories/2010/3035 http://www.vupen.com/english/advisories/2010/3053 http://www.vupen.com/english/advisories/2010/3061 http://www.vupen.com/english/advisories/2011/0359
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.