Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.892498
Category:Debian Local Security Checks
Title:Debian LTS: Security Advisory for xerces-c (DLA-2498-1)
Summary:The remote host is missing an update for the 'xerces-c'; package(s) announced via the DLA-2498-1 advisory.
Description:Summary:
The remote host is missing an update for the 'xerces-c'
package(s) announced via the DLA-2498-1 advisory.

Vulnerability Insight:
The UK's National Cyber Security Centre (NCSC) discovered that
Xerces-C, a validating XML parser library for C++, contains a
use-after-free error triggered during the scanning of external
DTDs. An attacker could cause a Denial of Service (DoS) and possibly
achieve remote code execution. This flaw has not been addressed in the
maintained version of the library and has no complete mitigation. The
first is provided by this update which fixes the use-after-free
vulnerability at the expense of a memory leak. The other is to disable
DTD processing, which can be accomplished via the DOM using a standard
parser feature, or via SAX using the XERCES_DISABLE_DTD environment
variable.

Affected Software/OS:
'xerces-c' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, this problem has been fixed in version
3.1.4+debian-2+deb9u2.

We recommend that you upgrade your xerces-c packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1311
Debian Security Information: DSA-4814 (Google Search)
https://www.debian.org/security/2020/dsa-4814
https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html
https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E
https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E
RedHat Security Advisories: RHSA-2020:0702
https://access.redhat.com/errata/RHSA-2020:0702
RedHat Security Advisories: RHSA-2020:0704
https://access.redhat.com/errata/RHSA-2020:0704
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.