
Test ID: 1.3.6.1.4.1.25623.1.0.702941
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2941-1 (lxml - security update)
Summary: It was discovered that the clean_html() function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting.
Description:
Summary:
It was discovered that the clean_html() function of lxml (pythonic bindings
for the libxml2 and libxslt libraries) performed insufficient
sanitisation for some non-printable characters. This could lead to
cross-site scripting.

Affected Software/OS:
lxml on Debian Linux

Solution:
For the stable distribution (wheezy), this problem has been fixed in
version 2.3.2-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 3.3.5-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.3.5-1.

We recommend that you upgrade your lxml packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-references:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-3146
BugTraq ID: 67159
http://www.securityfocus.com/bid/67159
Debian Security Information: DSA-2941
http://www.debian.org/security/2014/dsa-2941
http://seclists.org/fulldisclosure/2014/Apr/210
http://seclists.org/fulldisclosure/2014/Apr/319
http://www.mandriva.com/security/advisories?name=MDVSA-2015:112
https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
http://www.openwall.com/lists/oss-security/2014/05/09/7
http://secunia.com/advisories/58013
http://secunia.com/advisories/58744
http://secunia.com/advisories/59008
SuSE Security Announcement: openSUSE-SU-2014:0735
http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html
http://www.ubuntu.com/usn/USN-2217-1
Copyright: Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net





© 1998-2024 E-Soft Inc. All rights reserved.