Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0136)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0136

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0136)

Resumen: The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2015-0136 advisory.

Descripción: Summary:
The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2015-0136 advisory.

Vulnerability Insight:
Updated xerces-c packages fix security vulnerability:

Anton Rager and Jonathan Brossard from the Salesforce.com Product Security
Team and Ben Laurie of Google discovered a denial of service vulnerability in
xerces-c. The parser mishandles certain kinds of malformed input documents,
resulting in a segmentation fault during a parse operation. An
unauthenticated attacker could use this flaw to cause an application using
the xerces-c library to crash (CVE-2015-0252).

Affected Software/OS:
'xerces-c' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-0252
BugTraq ID: 73252
http://www.securityfocus.com/bid/73252
Debian Security Information: DSA-3199 (Google Search)
http://www.debian.org/security/2015/dsa-3199
https://www.exploit-db.com/exploits/36906/
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html
http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html
RedHat Security Advisories: RHSA-2015:1193
http://rhn.redhat.com/errata/RHSA-2015-1193.html
http://www.securitytracker.com/id/1032254
SuSE Security Announcement: openSUSE-SU-2016:0966 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0136
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0136)
Resumen:	The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2015-0136 advisory.
Descripción:	Summary: The remote host is missing an update for the 'xerces-c' package(s) announced via the MGASA-2015-0136 advisory. Vulnerability Insight: Updated xerces-c packages fix security vulnerability: Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash (CVE-2015-0252). Affected Software/OS: 'xerces-c' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0252 BugTraq ID: 73252 http://www.securityfocus.com/bid/73252 Debian Security Information: DSA-3199 (Google Search) http://www.debian.org/security/2015/dsa-3199 https://www.exploit-db.com/exploits/36906/ http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html RedHat Security Advisories: RHSA-2015:1193 http://rhn.redhat.com/errata/RHSA-2015-1193.html http://www.securitytracker.com/id/1032254 SuSE Security Announcement: openSUSE-SU-2016:0966 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
Copyright	Copyright (C) 2022 Greenbone AG