Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0550)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0550

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0550)

Resumen: The remote host is missing an update for the 'apache-poi' package(s) announced via the MGASA-2014-0550 advisory.

Descripción: Summary:
The remote host is missing an update for the 'apache-poi' package(s) announced via the MGASA-2014-0550 advisory.

Vulnerability Insight:
Updated apache-poi packages fix security vulnerabilities:

It was found that Apache POI would resolve entities in OOXML documents. A
remote attacker able to supply OOXML documents that are parsed by Apache POI
could use this flaw to read files accessible to the user running the
application server, and potentially perform other more advanced XXE attacks
(CVE-2014-3529).

It was found that Apache POI would expand an unlimited number of entities in
OOXML documents. A remote attacker able to supply OOXML documents that are
parsed by Apache POI could use this flaw to trigger a denial of service
attack via excessive CPU and memory consumption (CVE-2014-3574).

Affected Software/OS:
'apache-poi' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3529
BugTraq ID: 69647
http://www.securityfocus.com/bid/69647
BugTraq ID: 78018
http://www.securityfocus.com/bid/78018
RedHat Security Advisories: RHSA-2014:1370
http://rhn.redhat.com/errata/RHSA-2014-1370.html
RedHat Security Advisories: RHSA-2014:1398
http://rhn.redhat.com/errata/RHSA-2014-1398.html
RedHat Security Advisories: RHSA-2014:1399
http://rhn.redhat.com/errata/RHSA-2014-1399.html
RedHat Security Advisories: RHSA-2014:1400
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/60419
http://secunia.com/advisories/61766
XForce ISS Database: apache-poi-cve20143529-info-disc(95770)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
Common Vulnerability Exposure (CVE) ID: CVE-2014-3574
BugTraq ID: 69648
http://www.securityfocus.com/bid/69648
XForce ISS Database: apache-poi-cve20143574-dos(95768)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95768

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0550
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0550)
Resumen:	The remote host is missing an update for the 'apache-poi' package(s) announced via the MGASA-2014-0550 advisory.
Descripción:	Summary: The remote host is missing an update for the 'apache-poi' package(s) announced via the MGASA-2014-0550 advisory. Vulnerability Insight: Updated apache-poi packages fix security vulnerabilities: It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks (CVE-2014-3529). It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption (CVE-2014-3574). Affected Software/OS: 'apache-poi' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3529 BugTraq ID: 69647 http://www.securityfocus.com/bid/69647 BugTraq ID: 78018 http://www.securityfocus.com/bid/78018 RedHat Security Advisories: RHSA-2014:1370 http://rhn.redhat.com/errata/RHSA-2014-1370.html RedHat Security Advisories: RHSA-2014:1398 http://rhn.redhat.com/errata/RHSA-2014-1398.html RedHat Security Advisories: RHSA-2014:1399 http://rhn.redhat.com/errata/RHSA-2014-1399.html RedHat Security Advisories: RHSA-2014:1400 http://rhn.redhat.com/errata/RHSA-2014-1400.html http://secunia.com/advisories/59943 http://secunia.com/advisories/60419 http://secunia.com/advisories/61766 XForce ISS Database: apache-poi-cve20143529-info-disc(95770) https://exchange.xforce.ibmcloud.com/vulnerabilities/95770 Common Vulnerability Exposure (CVE) ID: CVE-2014-3574 BugTraq ID: 69648 http://www.securityfocus.com/bid/69648 XForce ISS Database: apache-poi-cve20143574-dos(95768) https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
Copyright	Copyright (C) 2022 Greenbone AG