Test ID:	1.3.6.1.4.1.25623.1.0.69983
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2277-1)
Summary:	The remote host is missing an update for the Debian 'xml-security-c' package(s) announced via the DSA-2277-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'xml-security-c' package(s) announced via the DSA-2277-1 advisory. Vulnerability Insight: It has been discovered that xml-security-c, an implementation of the XML Digital Signature and Encryption specifications, is not properly handling RSA keys of sizes on the order of 8192 or more bits. This allows an attacker to crash applications using this functionality or potentially execute arbitrary code by tricking an application into verifying a signature created with a sufficiently long RSA key. For the oldstable distribution (lenny), this problem has been fixed in version 1.4.0-3+lenny3. For the stable distribution (squeeze), this problem has been fixed in version 1.5.1-3+squeeze1. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1.6.1-1. We recommend that you upgrade your xml-security-c packages. Affected Software/OS: 'xml-security-c' package(s) on Debian 5, Debian 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2516 1025755 http://www.securitytracker.com/id?1025755 20110707 Security Advisory: CVE-2011-2516 http://www.securityfocus.com/archive/1/518756/100/0/threaded 45151 http://secunia.com/advisories/45151 45191 http://secunia.com/advisories/45191 45198 http://secunia.com/advisories/45198 45491 http://secunia.com/advisories/45491 48611 http://www.securityfocus.com/bid/48611 DSA-2277 http://www.debian.org/security/2011/dsa-2277 FEDORA-2011-9494 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063229.html FEDORA-2011-9501 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html [santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E [santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E apache-xml-dos(68420) https://exchange.xforce.ibmcloud.com/vulnerabilities/68420 http://santuario.apache.org/secadv/CVE-2011-2516.txt http://shibboleth.internet2.edu/secadv/secadv_20110706.txt https://issues.apache.org/jira/browse/SANTUARIO-271
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.