ID de Prueba:	1.3.6.1.4.1.25623.1.0.831417
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for xerces-j2 MDVSA-2011:108 (xerces-j2)
Resumen:	The remote host is missing an update for the 'xerces-j2'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'xerces-j2' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in xerces-j2: Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2625). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: xerces-j2 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2625 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35958 http://www.securityfocus.com/bid/35958 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-012A http://www.us-cert.gov/cas/techalerts/TA10-012A.html Debian Security Information: DSA-1984 (Google Search) http://www.debian.org/security/2010/dsa-1984 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 RedHat Security Advisories: RHSA-2009:1199 https://rhn.redhat.com/errata/RHSA-2009-1199.html RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://www.redhat.com/support/errata/RHSA-2009-1615.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2011-0858.html RedHat Security Advisories: RHSA-2012:1232 http://rhn.redhat.com/errata/RHSA-2012-1232.html RedHat Security Advisories: RHSA-2012:1537 http://rhn.redhat.com/errata/RHSA-2012-1537.html http://www.securitytracker.com/id?1022680 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37300 http://secunia.com/advisories/37460 http://secunia.com/advisories/37671 http://secunia.com/advisories/37754 http://secunia.com/advisories/38231 http://secunia.com/advisories/38342 http://secunia.com/advisories/43300 http://secunia.com/advisories/50549 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2011/0359
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.