ID

VAR-201104-0096

CVE

CVE-2011-1425

TITLE

WebKit Used in xslt.c Vulnerable to arbitrary file creation

DESCRIPTION

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. Remote attackers can exploit this issue to read or write to arbitrary XML files. This may lead to further attacks. Versions prior to XML Security Library 1.2.17 are vulnerable. For the oldstable distribution (lenny), this problem has been fixed in version 1.2.9-5+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 1.2.14-1+squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.2.14-1.1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43920 SOLUTION: Apply updated packages via the apt-get package manager. ---------------------------------------------------------------------- Secunia Research and vulnerability disclosures coordinated by Secunia: http://secunia.com/research/ ---------------------------------------------------------------------- TITLE: XML Security Library XSLT File Access Vulnerability SECUNIA ADVISORY ID: SA43920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43920 RELEASE DATE: 2011-04-02 DISCUSS ADVISORY: http://secunia.com/advisories/43920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the XML Security Library, which can be exploited by malicious people to compromise a vulnerable system. SOLUTION: Update to version 1.2.17. PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Gregoire. ORIGINAL ADVISORY: http://www.aleksey.com/pipermail/xmlsec/2011/009120.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: ab2caef2b723f8a627f4682e9b9b295c 2009.0/i586/libxmlsec1-1-1.2.10-7.3mdv2009.0.i586.rpm a82fe9a2eb07213a40d5b062d0c5a230 2009.0/i586/libxmlsec1-devel-1.2.10-7.3mdv2009.0.i586.rpm 2cec5cb556b742bcc87d10a14ded022c 2009.0/i586/libxmlsec1-gnutls1-1.2.10-7.3mdv2009.0.i586.rpm 7169d872a13bb5da168cad113ca3c9cb 2009.0/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.i586.rpm d9c9fe192a991bb7937fce742acac213 2009.0/i586/libxmlsec1-nss1-1.2.10-7.3mdv2009.0.i586.rpm c412b1cf110d47b6c9848a2718394e83 2009.0/i586/libxmlsec1-nss-devel-1.2.10-7.3mdv2009.0.i586.rpm fb3fcd72027a0c4707d185c03d7e6ffe 2009.0/i586/libxmlsec1-openssl1-1.2.10-7.3mdv2009.0.i586.rpm ee2375b5ce6b80fb0a37f8a298df8ffc 2009.0/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.i586.rpm 45ec8c67b589d6874c265c316f0ef715 2009.0/i586/xmlsec1-1.2.10-7.3mdv2009.0.i586.rpm 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: ab200f5369469e19e89743b23a097764 2009.0/x86_64/lib64xmlsec1-1-1.2.10-7.3mdv2009.0.x86_64.rpm 15eb2c4424a6d91b68f5caef8db2fdff 2009.0/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdv2009.0.x86_64.rpm ad73f2e06650f4b76b482a1bf7532eac 2009.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdv2009.0.x86_64.rpm 7c60997091a4214148c77d2d14c01a94 2009.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.x86_64.rpm 22ac198274c38732b3f0a65e5814ffc7 2009.0/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdv2009.0.x86_64.rpm ddb61026f298b57254192f25398498d6 2009.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdv2009.0.x86_64.rpm a965cb539117930426efb7b6dbf8553d 2009.0/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdv2009.0.x86_64.rpm a2853268d49f512f660b0c85f32f3b98 2009.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.x86_64.rpm cfcb56269c2b2e79ea2701839fa93090 2009.0/x86_64/xmlsec1-1.2.10-7.3mdv2009.0.x86_64.rpm 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm Mandriva Linux 2010.0: bdc91e075985a73525da8a27c50f3e4d 2010.0/i586/libxmlsec1-1-1.2.13-1.2mdv2010.0.i586.rpm a8cf6ac42e0ae7df962f3b6e1abd0a27 2010.0/i586/libxmlsec1-devel-1.2.13-1.2mdv2010.0.i586.rpm 50e1f9b8c2b36781b5597c37756f0a27 2010.0/i586/libxmlsec1-gnutls1-1.2.13-1.2mdv2010.0.i586.rpm 94b518a20f8d6a99033be5c7fa9a561c 2010.0/i586/libxmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.i586.rpm b5e93f5674d8b2065e64f2e53ba05605 2010.0/i586/libxmlsec1-nss1-1.2.13-1.2mdv2010.0.i586.rpm 880fe166f23413733c3c3c118d816387 2010.0/i586/libxmlsec1-nss-devel-1.2.13-1.2mdv2010.0.i586.rpm 21b46e66c6b78df3fbcd86064cf30e7c 2010.0/i586/libxmlsec1-openssl1-1.2.13-1.2mdv2010.0.i586.rpm 6620368f5cc3bcbb857b4a23eac3c8ca 2010.0/i586/libxmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.i586.rpm c2ea73966298d29fdfdc34c7c2a2f1c2 2010.0/i586/xmlsec1-1.2.13-1.2mdv2010.0.i586.rpm 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: a62d421d4fd1899fbba01309dbaf1896 2010.0/x86_64/lib64xmlsec1-1-1.2.13-1.2mdv2010.0.x86_64.rpm 2f537e7a96421519da35174c233ce595 2010.0/x86_64/lib64xmlsec1-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 7a8b160fe2e6034be36f6eae79085ace 2010.0/x86_64/lib64xmlsec1-gnutls1-1.2.13-1.2mdv2010.0.x86_64.rpm 0a6294fd609fc0852648a497a88483c0 2010.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 29db3a07cccce7ad181397aad0cc8d0d 2010.0/x86_64/lib64xmlsec1-nss1-1.2.13-1.2mdv2010.0.x86_64.rpm fbbf15dc907548874aa56a0a60288c44 2010.0/x86_64/lib64xmlsec1-nss-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 91cde9b85b74ee50ca22063395776ad5 2010.0/x86_64/lib64xmlsec1-openssl1-1.2.13-1.2mdv2010.0.x86_64.rpm 48200b7dbaf54a0f3b773fe838bba047 2010.0/x86_64/lib64xmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 959b3952c7246d48878bd70d51966a8e 2010.0/x86_64/xmlsec1-1.2.13-1.2mdv2010.0.x86_64.rpm 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm Mandriva Enterprise Server 5: 319b4ab924dbbbf82f4614d148f14804 mes5/i586/libxmlsec1-1-1.2.10-7.3mdvmes5.2.i586.rpm 9278a1efe02a044e5ff7a1a37ffa36d4 mes5/i586/libxmlsec1-devel-1.2.10-7.3mdvmes5.2.i586.rpm cb993560c51e070393b7e2e0861900ff mes5/i586/libxmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.i586.rpm 293f8773291935a45d76908db7825384 mes5/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.i586.rpm aab3eb1ab4455876a2339e9863fa7935 mes5/i586/libxmlsec1-nss1-1.2.10-7.3mdvmes5.2.i586.rpm 2ff66c74e00e7dd79d6037162dde87b8 mes5/i586/libxmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.i586.rpm f2f5866fd188473eb74e33c5b78c2d9a mes5/i586/libxmlsec1-openssl1-1.2.10-7.3mdvmes5.2.i586.rpm c41b9570228f06d39b91d87a8538728c mes5/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.i586.rpm 308bc571cc766753f0c07a44ca80181c mes5/i586/xmlsec1-1.2.10-7.3mdvmes5.2.i586.rpm d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 327e47c32620609fd4245c32475938c7 mes5/x86_64/lib64xmlsec1-1-1.2.10-7.3mdvmes5.2.x86_64.rpm 033b408efc5436eb5d6e09a9582760a5 mes5/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 814d8c33a387f72d855f7bfc250f74e3 mes5/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.x86_64.rpm 2883ed21f25132b542780bd1dfccfb17 mes5/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 3409c185fdbcb57c45a1883752ade7c3 mes5/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdvmes5.2.x86_64.rpm f781e2d050e0c19945c783dc86745e08 mes5/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm cc9fc7fcd1d32d4877689486e424875e mes5/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdvmes5.2.x86_64.rpm a5315ce478dda5fd0af55a1acf043288 mes5/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 1a153d8d6af32724260f029205cd0a54 mes5/x86_64/xmlsec1-1.2.10-7.3mdvmes5.2.x86_64.rpm d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNmXaUmqjQ0CJFipgRAgs3AKCLIc162L+edW3LKFOx7G/U4GkynwCgpJ7j SEMdD/0Sj9XbDDepzFsOW3o= =Kuyv -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

permissions and access control

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Reported by the vendor

SOURCES

LAST UPDATE DATE

2024-11-23T20:09:49.850000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE