Fedora 10 2008-10000

critical Nessus Plugin ID 37490

Synopsis

The remote host is missing the patch for the advisory FEDORA-2008-10000.

Description

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.

Update Information:

Fixes a couple of security issues when overflowing text data size of buffer size.

Solution

Update the affected package(s) using, for example, 'yum update'.

Plugin Details

Severity: Critical

ID: 37490

File Name: fedora_2008-10000.nasl

Version: Revision: 1.7

Type: local

Agent: unix

Published: 4/23/2009

Updated: 10/1/2012

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/RedHat/rpm-list

Reference Information

CVE: CVE-2007-1320, CVE-2008-4225, CVE-2008-4226, CVE-2008-4539, CVE-2008-4989, CVE-2008-5148

CWE: 59