Login
Newsletter
Werbung

Sicherheit: Überschreiben von Dateien in xmlsec1
Aktuelle Meldungen Distributionen
Name: Überschreiben von Dateien in xmlsec1
ID: RHSA-2011:0486-01
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux
Datum: Do, 5. Mai 2011, 08:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425
Applikationen: xmlsec1

Originalnachricht

--===============0830955535230014480==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: xmlsec1 security and bug fix update
Advisory ID: RHSA-2011:0486-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0486.html
Issue date: 2011-05-04
CVE Names: CVE-2011-1425
=====================================================================

1. Summary:

Updated xmlsec1 packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The XML Security Library is a C library based on libxml2 and OpenSSL that
implements the XML Digital Signature and XML Encryption standards.

A flaw was found in the way xmlsec1 handled XML files that contain an XSLT
transformation specification. A specially-crafted XML file could cause
xmlsec1 to create or overwrite an arbitrary file while performing the
verification of a file's digital signature. (CVE-2011-1425)

Red Hat would like to thank Nicolas Gr
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung