Mandrake Local Security Checks : Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831362

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Resumen: The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'xmlsec1'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in xmlsec1:

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as
used in WebKit and other products, when XSLT is enabled, allows
remote attackers to create or overwrite arbitrary files via vectors
involving the libxslt output extension and a ds:Transform element
during signature verification (CVE-2011-1425).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
xmlsec1 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1425
BugTraq ID: 47135
http://www.securityfocus.com/bid/47135
Debian Security Information: DSA-2219 (Google Search)
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securitytracker.com/id?1025284
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831362
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)
Resumen:	The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'xmlsec1' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification (CVE-2011-1425). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: xmlsec1 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1425 BugTraq ID: 47135 http://www.securityfocus.com/bid/47135 Debian Security Information: DSA-2219 (Google Search) http://www.debian.org/security/2011/dsa-2219 http://www.mandriva.com/security/advisories?name=MDVSA-2011:063 http://www.aleksey.com/pipermail/xmlsec/2011/009120.html http://www.redhat.com/support/errata/RHSA-2011-0486.html http://www.securitytracker.com/id?1025284 http://secunia.com/advisories/43920 http://secunia.com/advisories/44167 http://secunia.com/advisories/44423 http://www.vupen.com/english/advisories/2011/0855 http://www.vupen.com/english/advisories/2011/0858 http://www.vupen.com/english/advisories/2011/1010 http://www.vupen.com/english/advisories/2011/1172 XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506) https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Copyright	Copyright (C) 2011 Greenbone AG