 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0218 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0218) |
| Resumen: | The remote host is missing an update for the 'python-lxml' package(s) announced via the MGASA-2014-0218 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'python-lxml' package(s) announced via the MGASA-2014-0218 advisory. Vulnerability Insight: Updated python-lxml packages fix security vulnerability: The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application (CVE-2014-3146). Affected Software/OS: 'python-lxml' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3146 20140415 lxml (python lib) vulnerability http://seclists.org/fulldisclosure/2014/Apr/210 20140430 Re: lxml (python lib) vulnerability http://seclists.org/fulldisclosure/2014/Apr/319 58013 http://secunia.com/advisories/58013 58744 http://secunia.com/advisories/58744 59008 http://secunia.com/advisories/59008 67159 http://www.securityfocus.com/bid/67159 DSA-2941 http://www.debian.org/security/2014/dsa-2941 MDVSA-2015:112 http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 USN-2217-1 http://www.ubuntu.com/usn/USN-2217-1 [lxml] 20140415 lxml.html.clean vulnerability https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html [oss-security] 20140509 Re: CVE request: python-lxml clean_html() input sanitization flaw http://www.openwall.com/lists/oss-security/2014/05/09/7 http://advisories.mageia.org/MGASA-2014-0218.html http://lxml.de/3.3/changes-3.3.5.html openSUSE-SU-2014:0735 http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |