Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.702941 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 2941-1 (lxml - security update) |
Zusammenfassung: | It was discovered that clean_html() function of lxml (pythonic bindings;for the libxml2 and libxslt libraries) performed insufficient;sanitisation for some non-printable characters. This could lead to;cross-site scripting. |
Beschreibung: | Summary: It was discovered that clean_html() function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting. Affected Software/OS: lxml on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 2.3.2-1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 3.3.5-1. For the unstable distribution (sid), this problem has been fixed in version 3.3.5-1. We recommend that you upgrade your lxml packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3146 BugTraq ID: 67159 http://www.securityfocus.com/bid/67159 Debian Security Information: DSA-2941 (Google Search) http://www.debian.org/security/2014/dsa-2941 http://seclists.org/fulldisclosure/2014/Apr/210 http://seclists.org/fulldisclosure/2014/Apr/319 http://www.mandriva.com/security/advisories?name=MDVSA-2015:112 https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html http://www.openwall.com/lists/oss-security/2014/05/09/7 http://secunia.com/advisories/58013 http://secunia.com/advisories/58744 http://secunia.com/advisories/59008 SuSE Security Announcement: openSUSE-SU-2014:0735 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html http://www.ubuntu.com/usn/USN-2217-1 |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |