
Test ID: 1.3.6.1.4.1.25623.1.1.10.2013.0193
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2013-0193)
Summary: The remote host is missing an update for the 'xml-security-c' package(s) announced via the MGASA-2013-0193 advisory.
Description:

Vulnerability Insight:
The implementation of XML digital signatures in the Santuario-C++ library
is vulnerable to a spoofing issue allowing an attacker to reuse existing
signatures with arbitrary content (CVE-2013-2153).

A stack overflow, possibly leading to arbitrary code execution, exists in
the processing of malformed XPointer expressions in the XML Signature
Reference processing code (CVE-2013-2154).

A bug in the processing of the output length of an HMAC-based XML
Signature would cause a denial of service when processing specially chosen
input (CVE-2013-2155).

A heap overflow exists in the processing of the PrefixList attribute
optionally used in conjunction with Exclusive Canonicalization, potentially
allowing arbitrary code execution (CVE-2013-2156).

The attempted fix to address CVE-2013-2154 introduced the possibility of a
heap overflow, possibly leading to arbitrary code execution, in the
processing of malformed XPointer expressions in the XML Signature Reference
processing code (CVE-2013-2210).

Affected Software/OS:
'xml-security-c' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2153
Debian Security Information: DSA-2710
http://www.debian.org/security/2013/dsa-2710
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0140.html
http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGReference.cpp?r1=1125514&r2=1493959&pathrev=1493959&diff_format=h
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2013-2154
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0141.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2155
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0142.html
http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?r1=1125752&r2=1493960&pathrev=1493960&diff_format=h
Common Vulnerability Exposure (CVE) ID: CVE-2013-2156
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0143.html
http://svn.apache.org/viewvc?view=revision&revision=1493961
Common Vulnerability Exposure (CVE) ID: CVE-2013-2210
20130626 CVE-2013-2210
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0216.html
DSA-2717
http://www.debian.org/security/2013/dsa-2717
[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
https://www.tenable.com/security/tns-2018-15
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.