ID de Prueba:	1.3.6.1.4.1.25623.1.0.66357
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1625
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1625.;;Expat is a C library written by James Clark for parsing XML documents.;;Two buffer over-read flaws were found in the way Expat handled malformed;UTF-8 sequences when processing XML files. A specially-crafted XML file;could cause applications using Expat to crash while parsing the file.;(CVE-2009-3560, CVE-2009-3720);;All expat users should upgrade to these updated packages, which contain;backported patches to correct these issues. After installing the updated;packages, applications using the Expat library must be restarted for the;update to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1625. Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720) All expat users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3560 BugTraq ID: 37203 http://www.securityfocus.com/bid/37203 Debian Security Information: DSA-1953 (Google Search) http://www.debian.org/security/2009/dsa-1953 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html HPdes Security Advisory: HPSBUX02645 http://marc.info/?l=bugtraq&m=130168502603566&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2009:316 http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883 http://www.redhat.com/support/errata/RHSA-2011-0896.html http://www.securitytracker.com/id?1023278 http://secunia.com/advisories/37537 http://secunia.com/advisories/38231 http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://secunia.com/advisories/38834 http://secunia.com/advisories/39478 http://secunia.com/advisories/41701 http://secunia.com/advisories/43300 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1 SuSE Security Announcement: SUSE-SR:2010:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SuSE Security Announcement: SUSE-SR:2010:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.ubuntu.com/usn/USN-890-6 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0896 http://www.vupen.com/english/advisories/2010/1107 http://www.vupen.com/english/advisories/2011/0359 Common Vulnerability Exposure (CVE) ID: CVE-2009-3720 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:211 http://www.mandriva.com/security/advisories?name=MDVSA-2009:212 http://www.mandriva.com/security/advisories?name=MDVSA-2009:215 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:218 http://www.mandriva.com/security/advisories?name=MDVSA-2009:219 http://www.mandriva.com/security/advisories?name=MDVSA-2009:220 http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127 http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2009/08/21/2 http://www.openwall.com/lists/oss-security/2009/08/26/4 http://www.openwall.com/lists/oss-security/2009/08/26/3 http://www.openwall.com/lists/oss-security/2009/08/27/6 http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/23/2 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/22/5 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 http://www.openwall.com/lists/oss-security/2009/10/28/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112 http://www.redhat.com/support/errata/RHSA-2010-0002.html http://www.securitytracker.com/id?1023160 http://secunia.com/advisories/37324 http://secunia.com/advisories/37925 http://secunia.com/advisories/38050 http://secunia.com/advisories/42326 http://secunia.com/advisories/42338 SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2010/3035 http://www.vupen.com/english/advisories/2010/3053 http://www.vupen.com/english/advisories/2010/3061
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.