Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2011-0486

Опубликовано: 04 мая 2011
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2011-0486: xmlsec1 security and bug fix update (MODERATE)

[1.2.9-8.1.2]

  • disable xslt i/o support in library, tools and examples, CVE-2011-1425
  • Resolves: rhbz#694124
  • limit the paths used for searching the security library loaded dynamically

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

xmlsec1

1.2.9-8.1.2

xmlsec1-devel

1.2.9-8.1.2

xmlsec1-gnutls

1.2.9-8.1.2

xmlsec1-gnutls-devel

1.2.9-8.1.2

xmlsec1-nss

1.2.9-8.1.2

xmlsec1-nss-devel

1.2.9-8.1.2

xmlsec1-openssl

1.2.9-8.1.2

xmlsec1-openssl-devel

1.2.9-8.1.2

Oracle Linux x86_64

xmlsec1

1.2.9-8.1.2

xmlsec1-devel

1.2.9-8.1.2

xmlsec1-gnutls

1.2.9-8.1.2

xmlsec1-gnutls-devel

1.2.9-8.1.2

xmlsec1-nss

1.2.9-8.1.2

xmlsec1-nss-devel

1.2.9-8.1.2

xmlsec1-openssl

1.2.9-8.1.2

xmlsec1-openssl-devel

1.2.9-8.1.2

Oracle Linux i386

xmlsec1

1.2.9-8.1.2

xmlsec1-devel

1.2.9-8.1.2

xmlsec1-gnutls

1.2.9-8.1.2

xmlsec1-gnutls-devel

1.2.9-8.1.2

xmlsec1-nss

1.2.9-8.1.2

xmlsec1-nss-devel

1.2.9-8.1.2

xmlsec1-openssl

1.2.9-8.1.2

xmlsec1-openssl-devel

1.2.9-8.1.2

Связанные CVE

CVE-2011-1425

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2011-1425

ubuntu
около 14 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

redhat логотип

CVE-2011-1425

redhat
около 14 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

nvd логотип

CVE-2011-1425

nvd
около 14 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

debian логотип

CVE-2011-1425

debian
около 14 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...

github логотип

GHSA-63qq-pm7h-vc34

github
около 3 лет назад

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.