ID de Prueba:	1.3.6.1.4.1.25623.1.0.880711
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for xerces-j2 CESA-2009:1615 centos5 i386
Resumen:	The remote host is missing an update for the 'xerces-j2'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'xerces-j2' package(s) announced via the referenced advisory. Vulnerability Insight: The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Apache Xerces2 Java Parser must be restarted for this update to take effect. Affected Software/OS: xerces-j2 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2625 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35958 http://www.securityfocus.com/bid/35958 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-012A http://www.us-cert.gov/cas/techalerts/TA10-012A.html Debian Security Information: DSA-1984 (Google Search) http://www.debian.org/security/2010/dsa-1984 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 RedHat Security Advisories: RHSA-2009:1199 https://rhn.redhat.com/errata/RHSA-2009-1199.html RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://www.redhat.com/support/errata/RHSA-2009-1615.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2011-0858.html RedHat Security Advisories: RHSA-2012:1232 http://rhn.redhat.com/errata/RHSA-2012-1232.html RedHat Security Advisories: RHSA-2012:1537 http://rhn.redhat.com/errata/RHSA-2012-1537.html http://www.securitytracker.com/id?1022680 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37300 http://secunia.com/advisories/37460 http://secunia.com/advisories/37671 http://secunia.com/advisories/37754 http://secunia.com/advisories/38231 http://secunia.com/advisories/38342 http://secunia.com/advisories/43300 http://secunia.com/advisories/50549 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2011/0359
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.