_______________________________________________________________________
Package : xmlsec1
Date : December 5, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in xmlsec1:
A missing check for the recommended minimum length of the truncated
form of HMAC-based XML signatures was found in xmlsec1 prior to
1.2.12. An attacker could use this flaw to create a specially-crafted
XML file that forges an XML signature, allowing the attacker to
bypass authentication that is based on the XML Signature specification
(CVE-2009-0217).
All versions of libtool prior to 2.2.6b suffers from a local
privilege escalation vulnerability that could be exploited under
certain conditions to load arbitrary code (CVE-2009-3736).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
This update fixes this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0217
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3736
http://www.kb.cert.org/vuls/id/466161
_______________________________________________________________________
[ MDVSA-2009:318 ] xmlsec1
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:318 ] xmlsec1
Kirjoittaja dude67 » 06 Joulu 2009, 01:45
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 61 vierailijaa