CentOS Local Security Checks : CentOS Update for libxml2 CESA-2013:0581 centos5

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881617

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for libxml2 CESA-2013:0581 centos5

Zusammenfassung: The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libxml2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement was
enabled. A remote attacker could provide a specially-crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

Affected Software/OS:
libxml2 on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-0338
52662
http://secunia.com/advisories/52662
55568
http://secunia.com/advisories/55568
DSA-2652
http://www.debian.org/security/2013/dsa-2652
HPSBGN03302
http://marc.info/?l=bugtraq&m=142798889927587&w=2
MDVSA-2013:056
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
SSRT101996
SUSE-SU-2013:1627
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
USN-1782-1
http://www.ubuntu.com/usn/USN-1782-1
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://bugzilla.redhat.com/show_bug.cgi?id=912400
https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
openSUSE-SU-2013:0552
http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html
openSUSE-SU-2013:0555
http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881617
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for libxml2 CESA-2013:0581 centos5
Zusammenfassung:	The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory. Vulnerability Insight: The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. (CVE-2013-0338) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect. Affected Software/OS: libxml2 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0338 52662 http://secunia.com/advisories/52662 55568 http://secunia.com/advisories/55568 DSA-2652 http://www.debian.org/security/2013/dsa-2652 HPSBGN03302 http://marc.info/?l=bugtraq&m=142798889927587&w=2 MDVSA-2013:056 http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 SSRT101996 SUSE-SU-2013:1627 http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html USN-1782-1 http://www.ubuntu.com/usn/USN-1782-1 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://bugzilla.redhat.com/show_bug.cgi?id=912400 https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab openSUSE-SU-2013:0552 http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html openSUSE-SU-2013:0555 http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html
Copyright	Copyright (C) 2013 Greenbone AG