
Test ID: 1.3.6.1.4.1.25623.1.0.61510
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-633-1 (libxslt)
Summary: Ubuntu USN-633-1 (libxslt)
Description:
The remote host is missing an update to libxslt
announced via advisory USN-633-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that long transformation matches in libxslt could
overflow. If an attacker were able to make an application linked against
libxslt process malicious XSL style sheet input, they could execute
arbitrary code with user privileges or cause the application to crash,
leading to a denial of service. (CVE-2008-1767)

Chris Evans discovered that the RC4 processing code in libxslt did not
correctly handle corrupted key information. If a remote attacker were
able to make an application linked against libxslt process malicious
XML input, they could crash the application, leading to a denial of
service. (CVE-2008-2935)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libxslt1.1 1.1.15-1ubuntu1.2

Ubuntu 7.04:
libxslt1.1 1.1.20-0ubuntu2.2

Ubuntu 7.10:
libxslt1.1 1.1.21-2ubuntu2.2

Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-633-1

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1767
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
Debian Security Information: DSA-1589 (Google Search)
http://www.debian.org/security/2008/dsa-1589
http://security.gentoo.org/glsa/glsa-200806-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:151
http://www.redhat.com/support/errata/RHSA-2008-0287.html
SuSE Security Announcement: SUSE-SR:2008:013 (Google Search)
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.ubuntu.com/usn/usn-633-1
BugTraq ID: 29312
http://www.securityfocus.com/bid/29312
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9785
http://secunia.com/advisories/32706
http://www.vupen.com/english/advisories/2008/1580/references
http://www.vupen.com/english/advisories/2008/2094/references
http://www.vupen.com/english/advisories/2008/2780
http://www.securitytracker.com/id?1020071
http://secunia.com/advisories/30315
http://secunia.com/advisories/30323
http://secunia.com/advisories/30393
http://secunia.com/advisories/30521
http://secunia.com/advisories/30717
http://secunia.com/advisories/31074
http://secunia.com/advisories/31363
http://secunia.com/advisories/32222
XForce ISS Database: libxslt-xsl-bo(42560)
http://xforce.iss.net/xforce/xfdb/42560
Common Vulnerability Exposure (CVE) ID: CVE-2008-2935
Bugtraq: 20080731 [oCERT-2008-009] libxslt heap overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/494976/100/0/threaded
Bugtraq: 20080801 libxslt heap overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/495018/100/0/threaded
Bugtraq: 20081027 rPSA-2008-0306-1 libxslt (Google Search)
http://www.securityfocus.com/archive/1/archive/1/497829/100/0/threaded
http://www.ocert.org/advisories/ocert-2008-009.html
http://www.ocert.org/patches/exslt_crypt.patch
http://www.scary.beasts.org/security/CESA-2008-003.html
Debian Security Information: DSA-1624 (Google Search)
http://www.debian.org/security/2008/dsa-1624
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html
http://security.gentoo.org/glsa/glsa-200808-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:160
http://www.redhat.com/support/errata/RHSA-2008-0649.html
BugTraq ID: 30467
http://www.securityfocus.com/bid/30467
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10827
http://www.vupen.com/english/advisories/2008/2266/references
http://www.securitytracker.com/id?1020596
http://secunia.com/advisories/31230
http://secunia.com/advisories/31310
http://secunia.com/advisories/31331
http://secunia.com/advisories/31395
http://secunia.com/advisories/31399
http://secunia.com/advisories/32453
http://securityreason.com/securityalert/4078
XForce ISS Database: libxslt-multiple-crypto-bo(44141)
http://xforce.iss.net/xforce/xfdb/44141
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
