ID de Prueba:	1.3.6.1.4.1.25623.1.0.70489
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:1749
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:1749. The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) Multiple flaws were found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, and CVE-2011-2834 flaws to be exploited however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1749.html Risk factor : Low
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4008 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BugTraq ID: 44779 http://www.securityfocus.com/bid/44779 Debian Security Information: DSA-2128 (Google Search) http://www.debian.org/security/2010/dsa-2128 HPdes Security Advisory: HPSBGN02970 http://marc.info/?l=bugtraq&m=139447903326211&w=2 HPdes Security Advisory: HPSBMA02662 http://marc.info/?l=bugtraq&m=130331363227777&w=2 HPdes Security Advisory: SSRT100409 http://www.mandriva.com/security/advisories?name=MDVSA-2010:243 http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ http://mail.gnome.org/archives/xml/2010-November/msg00015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148 http://www.redhat.com/support/errata/RHSA-2011-1749.html RedHat Security Advisories: RHSA-2013:0217 http://rhn.redhat.com/errata/RHSA-2013-0217.html http://secunia.com/advisories/40775 http://secunia.com/advisories/42109 http://secunia.com/advisories/42175 http://secunia.com/advisories/42314 http://secunia.com/advisories/42429 SuSE Security Announcement: SUSE-SR:2010:023 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://www.ubuntu.com/usn/USN-1016-1 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.com/english/advisories/2010/3076 http://www.vupen.com/english/advisories/2010/3100 http://www.vupen.com/english/advisories/2011/0230 Common Vulnerability Exposure (CVE) ID: CVE-2010-4494 http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html Debian Security Information: DSA-2137 (Google Search) http://www.debian.org/security/2010/dsa-2137 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916 http://secunia.com/advisories/42472 http://secunia.com/advisories/42721 http://secunia.com/advisories/42762 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.vupen.com/english/advisories/2010/3319 http://www.vupen.com/english/advisories/2010/3336 Common Vulnerability Exposure (CVE) ID: CVE-2011-0216 http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html Debian Security Information: DSA-2394 (Google Search) http://www.debian.org/security/2012/dsa-2394 http://www.mandriva.com/security/advisories?name=MDVSA-2011:188 Common Vulnerability Exposure (CVE) ID: CVE-2011-1944 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html BugTraq ID: 48056 http://www.securityfocus.com/bid/48056 Debian Security Information: DSA-2255 (Google Search) http://www.debian.org/security/2011/dsa-2255 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 http://www.mandriva.com/security/advisories?name=MDVSA-2011:131 http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html http://www.openwall.com/lists/oss-security/2011/05/31/8 http://www.osvdb.org/73248 http://secunia.com/advisories/44711 SuSE Security Announcement: openSUSE-SU-2011:0839 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html http://ubuntu.com/usn/usn-1153-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-2821 http://www.mandriva.com/security/advisories?name=MDVSA-2011:145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840 Common Vulnerability Exposure (CVE) ID: CVE-2011-2834 http://osvdb.org/75560 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410 XForce ISS Database: chrome-libxml-code-execution(69885) https://exchange.xforce.ibmcloud.com/vulnerabilities/69885
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.