Detections
Analytics
Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2011:063)
medium Nessus Plugin ID 53289
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability was discovered and corrected in xmlsec1 :xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification (CVE-2011-1425).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490
The updated packages have been patched to correct this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 53289
File Name: mandriva_MDVSA-2011-063.nasl
Version: 1.8
Type: local
Family: Mandriva Local Security Checks
Published: 4/5/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:libxmlsec1-gnutls1, p-cpe:/a:mandriva:linux:lib64xmlsec1-gnutls-devel, p-cpe:/a:mandriva:linux:libxmlsec1-openssl1, p-cpe:/a:mandriva:linux:libxmlsec1-openssl-devel, p-cpe:/a:mandriva:linux:lib64xmlsec1-openssl-devel, p-cpe:/a:mandriva:linux:lib64xmlsec1-openssl1, p-cpe:/a:mandriva:linux:lib64xmlsec1-nss1, cpe:/o:mandriva:linux:2010.0, p-cpe:/a:mandriva:linux:lib64xmlsec1-1, p-cpe:/a:mandriva:linux:lib64xmlsec1-gnutls1, p-cpe:/a:mandriva:linux:libxmlsec1-gnutls-devel, p-cpe:/a:mandriva:linux:libxmlsec1-nss-devel, p-cpe:/a:mandriva:linux:libxmlsec1-1, p-cpe:/a:mandriva:linux:lib64xmlsec1-nss-devel, p-cpe:/a:mandriva:linux:lib64xmlsec1-devel, p-cpe:/a:mandriva:linux:xmlsec1, p-cpe:/a:mandriva:linux:libxmlsec1-nss1, p-cpe:/a:mandriva:linux:libxmlsec1-devel, cpe:/o:mandriva:linux:2009.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/4/2011
Reference Information
CVE: CVE-2011-1425
MDVSA: 2011:063