ID de Prueba:	1.3.6.1.4.1.25623.1.0.69826
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:108 (xerces-j2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xerces-j2 announced via advisory MDVSA-2011:108. A vulnerability was discovered and corrected in xerces-j2: Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2625). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:108 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2625 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html BugTraq ID: 35958 http://www.securityfocus.com/bid/35958 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA09-294A http://www.us-cert.gov/cas/techalerts/TA09-294A.html Cert/CC Advisory: TA10-012A http://www.us-cert.gov/cas/techalerts/TA10-012A.html Debian Security Information: DSA-1984 (Google Search) http://www.debian.org/security/2010/dsa-1984 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html HPdes Security Advisory: HPSBUX02476 http://marc.info/?l=bugtraq&m=125787273209737&w=2 HPdes Security Advisory: SSRT090250 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://www.mandriva.com/security/advisories?name=MDVSA-2011:108 http://www.cert.fi/en/reports/2009/vulnerability2009085.html http://www.codenomicon.com/labs/xml/ http://www.networkworld.com/columnists/2009/080509-xml-flaw.html https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E http://www.openwall.com/lists/oss-security/2009/09/06/1 http://www.openwall.com/lists/oss-security/2009/10/22/9 http://www.openwall.com/lists/oss-security/2009/10/23/6 http://www.openwall.com/lists/oss-security/2009/10/26/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356 RedHat Security Advisories: RHSA-2009:1199 https://rhn.redhat.com/errata/RHSA-2009-1199.html RedHat Security Advisories: RHSA-2009:1200 https://rhn.redhat.com/errata/RHSA-2009-1200.html RedHat Security Advisories: RHSA-2009:1201 https://rhn.redhat.com/errata/RHSA-2009-1201.html http://www.redhat.com/support/errata/RHSA-2009-1615.html RedHat Security Advisories: RHSA-2009:1636 https://rhn.redhat.com/errata/RHSA-2009-1636.html RedHat Security Advisories: RHSA-2009:1637 https://rhn.redhat.com/errata/RHSA-2009-1637.html RedHat Security Advisories: RHSA-2009:1649 https://rhn.redhat.com/errata/RHSA-2009-1649.html RedHat Security Advisories: RHSA-2009:1650 https://rhn.redhat.com/errata/RHSA-2009-1650.html http://www.redhat.com/support/errata/RHSA-2011-0858.html RedHat Security Advisories: RHSA-2012:1232 http://rhn.redhat.com/errata/RHSA-2012-1232.html RedHat Security Advisories: RHSA-2012:1537 http://rhn.redhat.com/errata/RHSA-2012-1537.html http://www.securitytracker.com/id?1022680 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37300 http://secunia.com/advisories/37460 http://secunia.com/advisories/37671 http://secunia.com/advisories/37754 http://secunia.com/advisories/38231 http://secunia.com/advisories/38342 http://secunia.com/advisories/43300 http://secunia.com/advisories/50549 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-890-1 http://www.vupen.com/english/advisories/2009/2543 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2011/0359
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.