Mandrake Local Security Checks : Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.831362

Category: Mandrake Local Security Checks

Title: Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Summary: The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.

Description: Summary:
The remote host is missing an update for the 'xmlsec1'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A vulnerability was discovered and corrected in xmlsec1:

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as
used in WebKit and other products, when XSLT is enabled, allows
remote attackers to create or overwrite arbitrary files via vectors
involving the libxslt output extension and a ds:Transform element
during signature verification (CVE-2011-1425).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. The updated packages have been patched to correct this issue.

Affected Software/OS:
xmlsec1 on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1425
BugTraq ID: 47135
http://www.securityfocus.com/bid/47135
Debian Security Information: DSA-2219 (Google Search)
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securitytracker.com/id?1025284
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.831362
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)
Summary:	The remote host is missing an update for the 'xmlsec1'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'xmlsec1' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification (CVE-2011-1425). Packages for 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct this issue. Affected Software/OS: xmlsec1 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1425 BugTraq ID: 47135 http://www.securityfocus.com/bid/47135 Debian Security Information: DSA-2219 (Google Search) http://www.debian.org/security/2011/dsa-2219 http://www.mandriva.com/security/advisories?name=MDVSA-2011:063 http://www.aleksey.com/pipermail/xmlsec/2011/009120.html http://www.redhat.com/support/errata/RHSA-2011-0486.html http://www.securitytracker.com/id?1025284 http://secunia.com/advisories/43920 http://secunia.com/advisories/44167 http://secunia.com/advisories/44423 http://www.vupen.com/english/advisories/2011/0855 http://www.vupen.com/english/advisories/2011/0858 http://www.vupen.com/english/advisories/2011/1010 http://www.vupen.com/english/advisories/2011/1172 XForce ISS Database: xmlsecurity-xmlfiles-sec-bypass(66506) https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Copyright	Copyright (C) 2011 Greenbone AG