Mandrake Local Security Checks : Mandriva Update for libxml2 MDVSA-2012:176 (libxml2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.831753

Categoría: Mandrake Local Security Checks

Título: Mandriva Update for libxml2 MDVSA-2012:176 (libxml2)

Resumen: The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'libxml2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was found and corrected in libxml2:

A heap-buffer overflow was found in the way libxml2 decoded certain
XML entities. A remote attacker could provide a specially-crafted
XML file, which once opened in an application linked against libxml
would cause that application to crash, or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2012-5134).

The updated packages have been patched to correct this issue.

Affected Software/OS:
libxml2 on Mandriva Linux 2011.0,
Mandriva Enterprise Server 5.2

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5134
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
BugTraq ID: 56684
http://www.securityfocus.com/bid/56684
Debian Security Information: DSA-2580 (Google Search)
http://www.debian.org/security/2012/dsa-2580
http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
RedHat Security Advisories: RHSA-2012:1512
http://rhn.redhat.com/errata/RHSA-2012-1512.html
RedHat Security Advisories: RHSA-2013:0217
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://www.securitytracker.com/id?1027815
http://secunia.com/advisories/51448
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2012:1637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:0178 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
http://www.ubuntu.com/usn/USN-1656-1
XForce ISS Database: google-libxml-buffer-underflow(80294)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80294

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831753
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for libxml2 MDVSA-2012:176 (libxml2)
Resumen:	The remote host is missing an update for the 'libxml2'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'libxml2' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was found and corrected in libxml2: A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). The updated packages have been patched to correct this issue. Affected Software/OS: libxml2 on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5134 http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html BugTraq ID: 56684 http://www.securityfocus.com/bid/56684 Debian Security Information: DSA-2580 (Google Search) http://www.debian.org/security/2012/dsa-2580 http://www.mandriva.com/security/advisories?name=MDVSA-2013:056 RedHat Security Advisories: RHSA-2012:1512 http://rhn.redhat.com/errata/RHSA-2012-1512.html RedHat Security Advisories: RHSA-2013:0217 http://rhn.redhat.com/errata/RHSA-2013-0217.html http://www.securitytracker.com/id?1027815 http://secunia.com/advisories/51448 http://secunia.com/advisories/54886 http://secunia.com/advisories/55568 SuSE Security Announcement: SUSE-SU-2013:1627 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html SuSE Security Announcement: openSUSE-SU-2012:1637 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html SuSE Security Announcement: openSUSE-SU-2013:0178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html http://www.ubuntu.com/usn/USN-1656-1 XForce ISS Database: google-libxml-buffer-underflow(80294) https://exchange.xforce.ibmcloud.com/vulnerabilities/80294
Copyright	Copyright (C) 2012 Greenbone AG