English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.841503
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for libxml2 USN-1904-2
Zusammenfassung:The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libxml2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression
for certain users. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that libxml2 would load XML external entities by default.
If a user or automated system were tricked into opening a specially crafted
document, an attacker could possibly obtain access to arbitrary files or
cause resource consumption. This issue only affected Ubuntu 10.04 LTS,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-0339)

It was discovered that libxml2 incorrectly handled documents that end
abruptly. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2013-2877)

Affected Software/OS:
libxml2 on Ubuntu 13.04,
Ubuntu 12.10,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-0339
Debian Security Information: DSA-2652 (Google Search)
http://www.debian.org/security/2013/dsa-2652
https://bugzilla.redhat.com/show_bug.cgi?id=915149
https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
http://openwall.com/lists/oss-security/2013/02/21/24
http://openwall.com/lists/oss-security/2013/02/22/3
http://www.openwall.com/lists/oss-security/2013/04/12/6
http://seclists.org/oss-sec/2013/q4/182
http://seclists.org/oss-sec/2013/q4/184
http://seclists.org/oss-sec/2013/q4/188
http://secunia.com/advisories/52662
http://secunia.com/advisories/54172
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://www.ubuntu.com/usn/USN-1904-1
http://www.ubuntu.com/usn/USN-1904-2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2877
BugTraq ID: 61050
http://www.securityfocus.com/bid/61050
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Debian Security Information: DSA-2724 (Google Search)
http://www.debian.org/security/2013/dsa-2724
Debian Security Information: DSA-2779 (Google Search)
http://www.debian.org/security/2013/dsa-2779
http://seclists.org/fulldisclosure/2014/Dec/23
SuSE Security Announcement: openSUSE-SU-2013:1221 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
SuSE Security Announcement: openSUSE-SU-2013:1246 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.