Test ID: 1.3.6.1.4.1.25623.1.1.4.2013.1654.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:1654-1)
Summary: The remote host is missing an update for the 'libxslt' package(s) announced via the SUSE-SU-2013:1654-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'libxslt' package(s) announced via the SUSE-SU-2013:1654-1 advisory.

Vulnerability Insight:
This LTSS roll-up security update for libxslt fixes several security issues:

* CVE-2013-4520: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (crash) via an invalid DTD. (addendum due to incomplete fix for CVE-2012-2825)
* CVE-2012-6139: libxslt allowed remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
* CVE-2012-2825: The XSL implementation in libxslt allowed remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
* CVE-2011-3970: libxslt allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Security Issue references:

* CVE-2012-6139
* CVE-2012-2825
* CVE-2011-3970

Affected Software/OS:
'libxslt' package(s) on SUSE Linux Enterprise Server 10 SP3

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3970
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818
SuSE Security Announcement: SUSE-SU-2013:1654
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
SuSE Security Announcement: SUSE-SU-2013:1656
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

Common Vulnerability Exposure (CVE) ID: CVE-2012-2825
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://secunia.com/advisories/54886
SuSE Security Announcement: openSUSE-SU-2012:0813
https://hermes.opensuse.org/messages/15075728

Common Vulnerability Exposure (CVE) ID: CVE-2012-6139
Debian Security Information: DSA-2654
http://www.debian.org/security/2013/dsa-2654
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
http://www.securitytracker.com/id/1028338
http://secunia.com/advisories/52745
http://secunia.com/advisories/52805
http://secunia.com/advisories/52813
http://secunia.com/advisories/52884
SuSE Security Announcement: openSUSE-SU-2013:0585
http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
SuSE Security Announcement: openSUSE-SU-2013:0593
http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
http://www.ubuntu.com/usn/USN-1784-1

Common Vulnerability Exposure (CVE) ID: CVE-2013-4520
https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa
http://seclists.org/oss-sec/2013/q4/238
http://seclists.org/oss-sec/2013/q4/239
http://www.osvdb.org/99671
http://secunia.com/advisories/56072
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.