Description:
Summary: The remote host is missing an update for the 'xml-security-c' package(s) announced via the MGASA-2013-0193 advisory.
Vulnerability Insight: The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content (CVE-2013-2153).
A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2154).
A bug in the processing of the output length of an HMAC-based XML Signature would cause a denial of service when processing specially chosen input (CVE-2013-2155).
A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution (CVE-2013-2156).
The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code (CVE-2013-2210).
Affected Software/OS: 'xml-security-c' package(s) on Mageia 2, Mageia 3.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P