CentOS Local Security Checks : CentOS Update for libxml2 CESA-2013:0581 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881647

Categoría: CentOS Local Security Checks

Título: CentOS Update for libxml2 CESA-2013:0581 centos6

Resumen: The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libxml2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement was
enabled. A remote attacker could provide a specially-crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

Affected Software/OS:
libxml2 on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0338
52662
http://secunia.com/advisories/52662
55568
http://secunia.com/advisories/55568
DSA-2652
http://www.debian.org/security/2013/dsa-2652
HPSBGN03302
http://marc.info/?l=bugtraq&m=142798889927587&w=2
MDVSA-2013:056
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
SSRT101996
SUSE-SU-2013:1627
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
USN-1782-1
http://www.ubuntu.com/usn/USN-1782-1
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://bugzilla.redhat.com/show_bug.cgi?id=912400
https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
openSUSE-SU-2013:0552
http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html
openSUSE-SU-2013:0555
http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881647
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libxml2 CESA-2013:0581 centos6
Resumen:	The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory. Vulnerability Insight: The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. Affected Software/OS: libxml2 on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0338 52662 http://secunia.com/advisories/52662 55568 http://secunia.com/advisories/55568 DSA-2652 http://www.debian.org/security/2013/dsa-2652 HPSBGN03302 http://marc.info/?l=bugtraq&m=142798889927587&w=2 MDVSA-2013:056 http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 SSRT101996 SUSE-SU-2013:1627 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html USN-1782-1 http://www.ubuntu.com/usn/USN-1782-1 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://bugzilla.redhat.com/show_bug.cgi?id=912400 https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab openSUSE-SU-2013:0552 http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html openSUSE-SU-2013:0555 http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html
Copyright	Copyright (C) 2013 Greenbone AG