
Test ID: 1.3.6.1.4.1.25623.1.0.61803
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: libxml2
Summary: NOSUMMARY
Description:
The remote host is missing an update to the system
as announced in the referenced advisory.

The following package is affected: libxml2

CVE-2008-3281
libxml2 2.6.32 and earlier does not properly detect recursion during
entity expansion in an attribute value, which allows context-dependent
attackers to cause a denial of service (memory and CPU consumption)
via a crafted XML document.

CVE-2008-3529
Heap-based buffer overflow in the xmlParseAttValueComplex function in
parser.c in libxml2 before 2.7.0 allows context-dependent attackers to
cause a denial of service (crash) or possibly execute arbitrary code
via a long XML entity name.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-3281
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 30783
http://www.securityfocus.com/bid/30783
Bugtraq: 20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff
http://www.securityfocus.com/archive/1/497962/100/0/threaded
Debian Security Information: DSA-1631
http://www.debian.org/security/2008/dsa-1631
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:180
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
http://lists.vmware.com/pipermail/security-announce/2008/000039.html
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812
RedHat Security Advisories: RHSA-2008:0836
https://rhn.redhat.com/errata/RHSA-2008-0836.html
http://www.securitytracker.com/id?1020728
http://secunia.com/advisories/31558
http://secunia.com/advisories/31566
http://secunia.com/advisories/31590
http://secunia.com/advisories/31728
http://secunia.com/advisories/31748
http://secunia.com/advisories/31855
http://secunia.com/advisories/31982
http://secunia.com/advisories/32488
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/35379
SuSE Security Announcement: SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.ubuntu.com/usn/usn-640-1
https://usn.ubuntu.com/644-1/
http://www.vupen.com/english/advisories/2008/2419
http://www.vupen.com/english/advisories/2008/2843
http://www.vupen.com/english/advisories/2008/2971
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
Common Vulnerability Exposure (CVE) ID: CVE-2008-3529
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
BugTraq ID: 31126
http://www.securityfocus.com/bid/31126
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1654
http://www.debian.org/security/2008/dsa-1654
https://www.exploit-db.com/exploits/8798
http://xmlsoft.org/news.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
http://www.redhat.com/support/errata/RHSA-2008-0884.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://securitytracker.com/id?1020855
http://secunia.com/advisories/31860
http://secunia.com/advisories/31868
http://secunia.com/advisories/32265
http://secunia.com/advisories/32280
http://secunia.com/advisories/33715
http://secunia.com/advisories/33722
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://www.ubuntu.com/usn/USN-815-1
http://www.vupen.com/english/advisories/2008/2822
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
XForce ISS Database: libxml2-entitynames-bo(45085)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
