|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for gnome-vfs2 RHSA-2013:0131-01|
|Summary:||The remote host is missing an update for the 'gnome-vfs2'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'gnome-vfs2'
package(s) announced via the referenced advisory.
The gnome-vfs2 packages provide the GNOME Virtual File System, which is the
foundation of the Nautilus file manager. neon is an HTTP and WebDAV client
library embedded in the gnome-vfs2 packages.
A denial of service flaw was found in the neon Extensible Markup Language
(XML) parser. Visiting a malicious DAV server with an application using
gnome-vfs2 (such as Nautilus) could possibly cause the application to
consume an excessive amount of CPU and memory. (CVE-2009-2473)
This update also fixes the following bugs:
* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2
returned escaped file paths. If a path, as stored in the URI,
contained non-ASCII characters or ASCII characters which are parsed as
something other than a file path (for example, spaces), the escaped path
was inaccurate. Consequently, files with the described type of URI could
not be processed. With this update, gnome-vfs2 properly unescapes paths
that are required for a system call. As a result, these paths are parsed
* In certain cases, the trash info file was populated by foreign
entries, pointing to live data. Emptying the trash caused an accidental
deletion of valuable data. With this update, a workaround has been applied
in order to prevent the deletion. As a result, the accidental data loss is
prevented, however further information is still gathered to fully fix this
ClearCase. This behavior significantly slowed down file operations. With
this update, the unnecessary stat() operations have been limited. As a
result, gnome-vfs2 user interfaces, such as Nautilus, are more responsive.
All gnome-vfs2 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Description truncated, please see the referenced URL(s) for more information.
gnome-vfs2 on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2009-2473|
RedHat Security Advisories: RHSA-2013:0131
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
XForce ISS Database: neon-xml-dos(52633)
|Copyright||Copyright (c) 2013 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.