ID de Prueba:	1.3.6.1.4.1.25623.1.0.66392
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:200-1 (libxml)
Resumen:	The remote host is missing an update to libxml;announced via advisory MDVSA-2009:200-1.
Descripción:	Summary: The remote host is missing an update to libxml announced via advisory MDVSA-2009:200-1. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2414 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 35036 http://secunia.com/advisories/35036 36010 http://www.securityfocus.com/bid/36010 36207 http://secunia.com/advisories/36207 36338 http://secunia.com/advisories/36338 36417 http://secunia.com/advisories/36417 36631 http://secunia.com/advisories/36631 37346 http://secunia.com/advisories/37346 37471 http://secunia.com/advisories/37471 ADV-2009-2420 http://www.vupen.com/english/advisories/2009/2420 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 ADV-2009-3217 http://www.vupen.com/english/advisories/2009/3217 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html APPLE-SA-2009-11-11-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html APPLE-SA-2010-06-21-1 http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html DSA-1859 http://www.debian.org/security/2009/dsa-1859 FEDORA-2009-8491 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html FEDORA-2009-8498 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html FEDORA-2009-8580 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html SUSE-SR:2009:015 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html USN-815-1 http://www.ubuntu.com/usn/USN-815-1 [debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://support.apple.com/kb/HT3937 http://support.apple.com/kb/HT3949 http://support.apple.com/kb/HT4225 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://bugzilla.redhat.com/show_bug.cgi?id=515195 https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59 oval:org.mitre.oval:def:10129 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129 oval:org.mitre.oval:def:8639 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639 Common Vulnerability Exposure (CVE) ID: CVE-2009-2416 https://bugzilla.redhat.com/show_bug.cgi?id=515205 oval:org.mitre.oval:def:7783 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783 oval:org.mitre.oval:def:9262 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.