var-201104-0096
Vulnerability from variot
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. Remote attackers can exploit this issue to read or write to arbitrary XML files. This may lead to further attacks. Versions prior to XML Security Library 1.2.17 are vulnerable.
For the oldstable distribution (lenny), this problem has been fixed in version 1.2.9-5+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 1.2.14-1+squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 1.2.14-1.1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA43920
SOLUTION: Apply updated packages via the apt-get package manager. ----------------------------------------------------------------------
Secunia Research and vulnerability disclosures coordinated by Secunia:
http://secunia.com/research/
TITLE: XML Security Library XSLT File Access Vulnerability
SECUNIA ADVISORY ID: SA43920
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43920
RELEASE DATE: 2011-04-02
DISCUSS ADVISORY: http://secunia.com/advisories/43920/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43920/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43920
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in the XML Security Library, which can be exploited by malicious people to compromise a vulnerable system.
SOLUTION: Update to version 1.2.17.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Gregoire.
ORIGINAL ADVISORY: http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09
http://security.gentoo.org/
Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09
Synopsis
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.
Background
For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages
Description
Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details.
- FMOD Studio
- PEAR Mail
- LVM2
- GnuCash
- xine-lib
- Last.fm Scrobbler
- WebKitGTK+
- shadow tool suite
- PEAR
- unixODBC
- Resource Agents
- mrouted
- rsync
- XML Security Library
- xrdb
- Vino
- OProfile
- syslog-ng
- sFlow Toolkit
- GNOME Display Manager
- libsoup
- CA Certificates
- Gitolite
- QtCreator
- Racer
Impact
A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.
Workaround
There are no known workarounds at this time.
Resolution
All FMOD Studio users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"
All PEAR Mail users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"
All LVM2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"
All GnuCash users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"
All xine-lib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"
All Last.fm Scrobbler users should upgrade to the latest version:
# emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3"
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"
All shadow tool suite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"
All PEAR users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"
All unixODBC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"
All Resource Agents users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1"
All mrouted users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"
All rsync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"
All XML Security Library users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"
All xrdb users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"
All Vino users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"
All OProfile users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"
All syslog-ng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"
All sFlow Toolkit users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"
All GNOME Display Manager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"
All libsoup users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"
All CA Certificates users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1"
All Gitolite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"
All QtCreator users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"
Gentoo has discontinued support for Racer. We recommend that users unmerge Racer:
# emerge --unmerge "games-sports/racer-bin"
NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.
References
[ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425
Updated Packages:
Mandriva Linux 2009.0: ab2caef2b723f8a627f4682e9b9b295c 2009.0/i586/libxmlsec1-1-1.2.10-7.3mdv2009.0.i586.rpm a82fe9a2eb07213a40d5b062d0c5a230 2009.0/i586/libxmlsec1-devel-1.2.10-7.3mdv2009.0.i586.rpm 2cec5cb556b742bcc87d10a14ded022c 2009.0/i586/libxmlsec1-gnutls1-1.2.10-7.3mdv2009.0.i586.rpm 7169d872a13bb5da168cad113ca3c9cb 2009.0/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.i586.rpm d9c9fe192a991bb7937fce742acac213 2009.0/i586/libxmlsec1-nss1-1.2.10-7.3mdv2009.0.i586.rpm c412b1cf110d47b6c9848a2718394e83 2009.0/i586/libxmlsec1-nss-devel-1.2.10-7.3mdv2009.0.i586.rpm fb3fcd72027a0c4707d185c03d7e6ffe 2009.0/i586/libxmlsec1-openssl1-1.2.10-7.3mdv2009.0.i586.rpm ee2375b5ce6b80fb0a37f8a298df8ffc 2009.0/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.i586.rpm 45ec8c67b589d6874c265c316f0ef715 2009.0/i586/xmlsec1-1.2.10-7.3mdv2009.0.i586.rpm 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: ab200f5369469e19e89743b23a097764 2009.0/x86_64/lib64xmlsec1-1-1.2.10-7.3mdv2009.0.x86_64.rpm 15eb2c4424a6d91b68f5caef8db2fdff 2009.0/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdv2009.0.x86_64.rpm ad73f2e06650f4b76b482a1bf7532eac 2009.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdv2009.0.x86_64.rpm 7c60997091a4214148c77d2d14c01a94 2009.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.x86_64.rpm 22ac198274c38732b3f0a65e5814ffc7 2009.0/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdv2009.0.x86_64.rpm ddb61026f298b57254192f25398498d6 2009.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdv2009.0.x86_64.rpm a965cb539117930426efb7b6dbf8553d 2009.0/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdv2009.0.x86_64.rpm a2853268d49f512f660b0c85f32f3b98 2009.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.x86_64.rpm cfcb56269c2b2e79ea2701839fa93090 2009.0/x86_64/xmlsec1-1.2.10-7.3mdv2009.0.x86_64.rpm 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm
Mandriva Linux 2010.0: bdc91e075985a73525da8a27c50f3e4d 2010.0/i586/libxmlsec1-1-1.2.13-1.2mdv2010.0.i586.rpm a8cf6ac42e0ae7df962f3b6e1abd0a27 2010.0/i586/libxmlsec1-devel-1.2.13-1.2mdv2010.0.i586.rpm 50e1f9b8c2b36781b5597c37756f0a27 2010.0/i586/libxmlsec1-gnutls1-1.2.13-1.2mdv2010.0.i586.rpm 94b518a20f8d6a99033be5c7fa9a561c 2010.0/i586/libxmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.i586.rpm b5e93f5674d8b2065e64f2e53ba05605 2010.0/i586/libxmlsec1-nss1-1.2.13-1.2mdv2010.0.i586.rpm 880fe166f23413733c3c3c118d816387 2010.0/i586/libxmlsec1-nss-devel-1.2.13-1.2mdv2010.0.i586.rpm 21b46e66c6b78df3fbcd86064cf30e7c 2010.0/i586/libxmlsec1-openssl1-1.2.13-1.2mdv2010.0.i586.rpm 6620368f5cc3bcbb857b4a23eac3c8ca 2010.0/i586/libxmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.i586.rpm c2ea73966298d29fdfdc34c7c2a2f1c2 2010.0/i586/xmlsec1-1.2.13-1.2mdv2010.0.i586.rpm 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: a62d421d4fd1899fbba01309dbaf1896 2010.0/x86_64/lib64xmlsec1-1-1.2.13-1.2mdv2010.0.x86_64.rpm 2f537e7a96421519da35174c233ce595 2010.0/x86_64/lib64xmlsec1-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 7a8b160fe2e6034be36f6eae79085ace 2010.0/x86_64/lib64xmlsec1-gnutls1-1.2.13-1.2mdv2010.0.x86_64.rpm 0a6294fd609fc0852648a497a88483c0 2010.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 29db3a07cccce7ad181397aad0cc8d0d 2010.0/x86_64/lib64xmlsec1-nss1-1.2.13-1.2mdv2010.0.x86_64.rpm fbbf15dc907548874aa56a0a60288c44 2010.0/x86_64/lib64xmlsec1-nss-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 91cde9b85b74ee50ca22063395776ad5 2010.0/x86_64/lib64xmlsec1-openssl1-1.2.13-1.2mdv2010.0.x86_64.rpm 48200b7dbaf54a0f3b773fe838bba047 2010.0/x86_64/lib64xmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.x86_64.rpm 959b3952c7246d48878bd70d51966a8e 2010.0/x86_64/xmlsec1-1.2.13-1.2mdv2010.0.x86_64.rpm 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 319b4ab924dbbbf82f4614d148f14804 mes5/i586/libxmlsec1-1-1.2.10-7.3mdvmes5.2.i586.rpm 9278a1efe02a044e5ff7a1a37ffa36d4 mes5/i586/libxmlsec1-devel-1.2.10-7.3mdvmes5.2.i586.rpm cb993560c51e070393b7e2e0861900ff mes5/i586/libxmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.i586.rpm 293f8773291935a45d76908db7825384 mes5/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.i586.rpm aab3eb1ab4455876a2339e9863fa7935 mes5/i586/libxmlsec1-nss1-1.2.10-7.3mdvmes5.2.i586.rpm 2ff66c74e00e7dd79d6037162dde87b8 mes5/i586/libxmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.i586.rpm f2f5866fd188473eb74e33c5b78c2d9a mes5/i586/libxmlsec1-openssl1-1.2.10-7.3mdvmes5.2.i586.rpm c41b9570228f06d39b91d87a8538728c mes5/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.i586.rpm 308bc571cc766753f0c07a44ca80181c mes5/i586/xmlsec1-1.2.10-7.3mdvmes5.2.i586.rpm d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 327e47c32620609fd4245c32475938c7 mes5/x86_64/lib64xmlsec1-1-1.2.10-7.3mdvmes5.2.x86_64.rpm 033b408efc5436eb5d6e09a9582760a5 mes5/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 814d8c33a387f72d855f7bfc250f74e3 mes5/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.x86_64.rpm 2883ed21f25132b542780bd1dfccfb17 mes5/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 3409c185fdbcb57c45a1883752ade7c3 mes5/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdvmes5.2.x86_64.rpm f781e2d050e0c19945c783dc86745e08 mes5/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm cc9fc7fcd1d32d4877689486e424875e mes5/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdvmes5.2.x86_64.rpm a5315ce478dda5fd0af55a1acf043288 mes5/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm 1a153d8d6af32724260f029205cd0a54 mes5/x86_64/xmlsec1-1.2.10-7.3mdvmes5.2.x86_64.rpm d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFNmXaUmqjQ0CJFipgRAgs3AKCLIc162L+edW3LKFOx7G/U4GkynwCgpJ7j SEMdD/0Sj9XbDDepzFsOW3o= =Kuyv -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201104-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.1"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.0.2"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.11"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.9"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.13"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.2a"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.14"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.6"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.7"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.0.3"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.8"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.1.1"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.4"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.0.4"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.10"
},
{
"model": "xml security library",
"scope": "lte",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.16"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.9"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.2"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.6"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.3"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.1.2"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.15"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.3"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.4"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.8"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.1"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.15"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.5"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.14"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.2"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.5"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.7"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.1.0"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.0"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.13"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.1.0"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.0.1"
},
{
"model": "webkit",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.12"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.2.10"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "0.0.11"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.1.1"
},
{
"model": "xml security library",
"scope": "eq",
"trust": 1.0,
"vendor": "aleksey",
"version": "1.0.0"
},
{
"model": "xml security library",
"scope": "lt",
"trust": 0.8,
"vendor": "aleksey",
"version": "1.2.17"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.6.z (server)"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "webkit",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
},
{
"model": "sanin xml security library",
"scope": "eq",
"trust": 0.3,
"vendor": "aleksey",
"version": "1.2.16"
},
{
"model": "sanin xml security library",
"scope": "ne",
"trust": 0.3,
"vendor": "aleksey",
"version": "1.2.17"
}
],
"sources": [
{
"db": "BID",
"id": "47135"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:aleksey:xml_security_library",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by the vendor",
"sources": [
{
"db": "BID",
"id": "47135"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2011-1425",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-49370",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-1425",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-1425",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201104-019",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. \nRemote attackers can exploit this issue to read or write to arbitrary XML files. This may lead to further attacks. \nVersions prior to XML Security Library 1.2.17 are vulnerable. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.9-5+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.14-1+squeeze1. \n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.2.14-1.1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This fixes a vulnerability,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nFor more information:\nSA43920\n\nSOLUTION:\nApply updated packages via the apt-get package manager. ----------------------------------------------------------------------\n\n\nSecunia Research and vulnerability disclosures coordinated by Secunia:\n\nhttp://secunia.com/research/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nXML Security Library XSLT File Access Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43920\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43920/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43920\n\nRELEASE DATE:\n2011-04-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43920/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43920/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43920\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in the XML Security Library, which\ncan be exploited by malicious people to compromise a vulnerable\nsystem. \n\nSOLUTION:\nUpdate to version 1.2.17. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Nicolas Gregoire. \n\nORIGINAL ADVISORY:\nhttp://www.aleksey.com/pipermail/xmlsec/2011/009120.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Multiple packages, Multiple vulnerabilities fixed in 2011\n Date: December 11, 2014\n Bugs: #194151, #294253, #294256, #334087, #344059, #346897,\n #350598, #352608, #354209, #355207, #356893, #358611,\n #358785, #358789, #360891, #361397, #362185, #366697,\n #366699, #369069, #370839, #372971, #376793, #381169,\n #386321, #386361\n ID: 201412-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nThis GLSA contains notification of vulnerabilities found in several\nGentoo packages which have been fixed prior to January 1, 2012. The\nworst of these vulnerabilities could lead to local privilege escalation\nand remote code execution. Please see the package list and CVE\nidentifiers below for more information. \n\nBackground\n==========\n\nFor more information on the packages listed in this GLSA, please see\ntheir homepage referenced in the ebuild. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 games-sports/racer-bin \u003e= 0.5.0-r1 Vulnerable!\n 2 media-libs/fmod \u003c 4.38.00 \u003e= 4.38.00\n 3 dev-php/PEAR-Mail \u003c 1.2.0 \u003e= 1.2.0\n 4 sys-fs/lvm2 \u003c 2.02.72 \u003e= 2.02.72\n 5 app-office/gnucash \u003c 2.4.4 \u003e= 2.4.4\n 6 media-libs/xine-lib \u003c 1.1.19 \u003e= 1.1.19\n 7 media-sound/lastfmplayer\n \u003c 1.5.4.26862-r3 \u003e= 1.5.4.26862-r3\n 8 net-libs/webkit-gtk \u003c 1.2.7 \u003e= 1.2.7\n 9 sys-apps/shadow \u003c 4.1.4.3 \u003e= 4.1.4.3\n 10 dev-php/PEAR-PEAR \u003c 1.9.2-r1 \u003e= 1.9.2-r1\n 11 dev-db/unixODBC \u003c 2.3.0-r1 \u003e= 2.3.0-r1\n 12 sys-cluster/resource-agents\n \u003c 1.0.4-r1 \u003e= 1.0.4-r1\n 13 net-misc/mrouted \u003c 3.9.5 \u003e= 3.9.5\n 14 net-misc/rsync \u003c 3.0.8 \u003e= 3.0.8\n 15 dev-libs/xmlsec \u003c 1.2.17 \u003e= 1.2.17\n 16 x11-apps/xrdb \u003c 1.0.9 \u003e= 1.0.9\n 17 net-misc/vino \u003c 2.32.2 \u003e= 2.32.2\n 18 dev-util/oprofile \u003c 0.9.6-r1 \u003e= 0.9.6-r1\n 19 app-admin/syslog-ng \u003c 3.2.4 \u003e= 3.2.4\n 20 net-analyzer/sflowtool \u003c 3.20 \u003e= 3.20\n 21 gnome-base/gdm \u003c 3.8.4-r3 \u003e= 3.8.4-r3\n 22 net-libs/libsoup \u003c 2.34.3 \u003e= 2.34.3\n 23 app-misc/ca-certificates\n \u003c 20110502-r1 \u003e= 20110502-r1\n 24 dev-vcs/gitolite \u003c 1.5.9.1 \u003e= 1.5.9.1\n 25 dev-util/qt-creator \u003c 2.1.0 \u003e= 2.1.0\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 25 affected packages\n\nDescription\n===========\n\nVulnerabilities have been discovered in the packages listed below. \nPlease review the CVE identifiers in the Reference section for details. \n\n* FMOD Studio\n* PEAR Mail\n* LVM2\n* GnuCash\n* xine-lib\n* Last.fm Scrobbler\n* WebKitGTK+\n* shadow tool suite\n* PEAR\n* unixODBC\n* Resource Agents\n* mrouted\n* rsync\n* XML Security Library\n* xrdb\n* Vino\n* OProfile\n* syslog-ng\n* sFlow Toolkit\n* GNOME Display Manager\n* libsoup\n* CA Certificates\n* Gitolite\n* QtCreator\n* Racer\n\nImpact\n======\n\nA context-dependent attacker may be able to gain escalated privileges,\nexecute arbitrary code, cause Denial of Service, obtain sensitive\ninformation, or otherwise bypass security restrictions. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll FMOD Studio users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/fmod-4.38.00\"\n\nAll PEAR Mail users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-php/PEAR-Mail-1.2.0\"\n\nAll LVM2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-fs/lvm2-2.02.72\"\n\nAll GnuCash users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-office/gnucash-2.4.4\"\n\nAll xine-lib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/xine-lib-1.1.19\"\n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n\n # emerge --sync\n # emerge -a --oneshot -v \"\u003e=media-sound/lastfmplayer-1.5.4.26862-r3\"\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-1.2.7\"\n\nAll shadow tool suite users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/shadow-4.1.4.3\"\n\nAll PEAR users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-php/PEAR-PEAR-1.9.2-r1\"\n\nAll unixODBC users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-db/unixODBC-2.3.0-r1\"\n\nAll Resource Agents users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=sys-cluster/resource-agents-1.0.4-r1\"\n\nAll mrouted users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/mrouted-3.9.5\"\n\nAll rsync users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/rsync-3.0.8\"\n\nAll XML Security Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/xmlsec-1.2.17\"\n\nAll xrdb users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=x11-apps/xrdb-1.0.9\"\n\nAll Vino users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/vino-2.32.2\"\n\nAll OProfile users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/oprofile-0.9.6-r1\"\n\nAll syslog-ng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/syslog-ng-3.2.4\"\n\nAll sFlow Toolkit users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/sflowtool-3.20\"\n\nAll GNOME Display Manager users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=gnome-base/gdm-3.8.4-r3\"\n\nAll libsoup users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/libsoup-2.34.3\"\n\nAll CA Certificates users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-misc/ca-certificates-20110502-r1\"\n\nAll Gitolite users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/gitolite-1.5.9.1\"\n\nAll QtCreator users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-util/qt-creator-2.1.0\"\n\nGentoo has discontinued support for Racer. We recommend that users\nunmerge Racer:\n\n # emerge --unmerge \"games-sports/racer-bin\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures\nhave been available since 2012. It is likely that your system is\nalready no longer affected by these issues. \n\nReferences\n==========\n\n[ 1 ] CVE-2007-4370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370\n[ 2 ] CVE-2009-4023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023\n[ 3 ] CVE-2009-4111\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111\n[ 4 ] CVE-2010-0778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778\n[ 5 ] CVE-2010-1780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780\n[ 6 ] CVE-2010-1782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782\n[ 7 ] CVE-2010-1783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783\n[ 8 ] CVE-2010-1784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784\n[ 9 ] CVE-2010-1785\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785\n[ 10 ] CVE-2010-1786\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786\n[ 11 ] CVE-2010-1787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787\n[ 12 ] CVE-2010-1788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788\n[ 13 ] CVE-2010-1790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790\n[ 14 ] CVE-2010-1791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791\n[ 15 ] CVE-2010-1792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792\n[ 16 ] CVE-2010-1793\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793\n[ 17 ] CVE-2010-1807\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807\n[ 18 ] CVE-2010-1812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812\n[ 19 ] CVE-2010-1814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814\n[ 20 ] CVE-2010-1815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815\n[ 21 ] CVE-2010-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526\n[ 22 ] CVE-2010-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901\n[ 23 ] CVE-2010-3255\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255\n[ 24 ] CVE-2010-3257\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257\n[ 25 ] CVE-2010-3259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259\n[ 26 ] CVE-2010-3362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362\n[ 27 ] CVE-2010-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374\n[ 28 ] CVE-2010-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389\n[ 29 ] CVE-2010-3812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812\n[ 30 ] CVE-2010-3813\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813\n[ 31 ] CVE-2010-3999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999\n[ 32 ] CVE-2010-4042\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042\n[ 33 ] CVE-2010-4197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197\n[ 34 ] CVE-2010-4198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198\n[ 35 ] CVE-2010-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204\n[ 36 ] CVE-2010-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206\n[ 37 ] CVE-2010-4492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492\n[ 38 ] CVE-2010-4493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493\n[ 39 ] CVE-2010-4577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577\n[ 40 ] CVE-2010-4578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578\n[ 41 ] CVE-2011-0007\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007\n[ 42 ] CVE-2011-0465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465\n[ 43 ] CVE-2011-0482\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482\n[ 44 ] CVE-2011-0721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721\n[ 45 ] CVE-2011-0727\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727\n[ 46 ] CVE-2011-0904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904\n[ 47 ] CVE-2011-0905\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905\n[ 48 ] CVE-2011-1072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072\n[ 49 ] CVE-2011-1097\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097\n[ 50 ] CVE-2011-1144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144\n[ 51 ] CVE-2011-1425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425\n[ 52 ] CVE-2011-1572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572\n[ 53 ] CVE-2011-1760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760\n[ 54 ] CVE-2011-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951\n[ 55 ] CVE-2011-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471\n[ 56 ] CVE-2011-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472\n[ 57 ] CVE-2011-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473\n[ 58 ] CVE-2011-2524\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524\n[ 59 ] CVE-2011-3365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365\n[ 60 ] CVE-2011-3366\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366\n[ 61 ] CVE-2011-3367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n ab2caef2b723f8a627f4682e9b9b295c 2009.0/i586/libxmlsec1-1-1.2.10-7.3mdv2009.0.i586.rpm\n a82fe9a2eb07213a40d5b062d0c5a230 2009.0/i586/libxmlsec1-devel-1.2.10-7.3mdv2009.0.i586.rpm\n 2cec5cb556b742bcc87d10a14ded022c 2009.0/i586/libxmlsec1-gnutls1-1.2.10-7.3mdv2009.0.i586.rpm\n 7169d872a13bb5da168cad113ca3c9cb 2009.0/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.i586.rpm\n d9c9fe192a991bb7937fce742acac213 2009.0/i586/libxmlsec1-nss1-1.2.10-7.3mdv2009.0.i586.rpm\n c412b1cf110d47b6c9848a2718394e83 2009.0/i586/libxmlsec1-nss-devel-1.2.10-7.3mdv2009.0.i586.rpm\n fb3fcd72027a0c4707d185c03d7e6ffe 2009.0/i586/libxmlsec1-openssl1-1.2.10-7.3mdv2009.0.i586.rpm\n ee2375b5ce6b80fb0a37f8a298df8ffc 2009.0/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.i586.rpm\n 45ec8c67b589d6874c265c316f0ef715 2009.0/i586/xmlsec1-1.2.10-7.3mdv2009.0.i586.rpm \n 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n ab200f5369469e19e89743b23a097764 2009.0/x86_64/lib64xmlsec1-1-1.2.10-7.3mdv2009.0.x86_64.rpm\n 15eb2c4424a6d91b68f5caef8db2fdff 2009.0/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdv2009.0.x86_64.rpm\n ad73f2e06650f4b76b482a1bf7532eac 2009.0/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdv2009.0.x86_64.rpm\n 7c60997091a4214148c77d2d14c01a94 2009.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdv2009.0.x86_64.rpm\n 22ac198274c38732b3f0a65e5814ffc7 2009.0/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdv2009.0.x86_64.rpm\n ddb61026f298b57254192f25398498d6 2009.0/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdv2009.0.x86_64.rpm\n a965cb539117930426efb7b6dbf8553d 2009.0/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdv2009.0.x86_64.rpm\n a2853268d49f512f660b0c85f32f3b98 2009.0/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdv2009.0.x86_64.rpm\n cfcb56269c2b2e79ea2701839fa93090 2009.0/x86_64/xmlsec1-1.2.10-7.3mdv2009.0.x86_64.rpm \n 00a18a237c5aee09d3de790df4ee8d0b 2009.0/SRPMS/xmlsec1-1.2.10-7.3mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n bdc91e075985a73525da8a27c50f3e4d 2010.0/i586/libxmlsec1-1-1.2.13-1.2mdv2010.0.i586.rpm\n a8cf6ac42e0ae7df962f3b6e1abd0a27 2010.0/i586/libxmlsec1-devel-1.2.13-1.2mdv2010.0.i586.rpm\n 50e1f9b8c2b36781b5597c37756f0a27 2010.0/i586/libxmlsec1-gnutls1-1.2.13-1.2mdv2010.0.i586.rpm\n 94b518a20f8d6a99033be5c7fa9a561c 2010.0/i586/libxmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.i586.rpm\n b5e93f5674d8b2065e64f2e53ba05605 2010.0/i586/libxmlsec1-nss1-1.2.13-1.2mdv2010.0.i586.rpm\n 880fe166f23413733c3c3c118d816387 2010.0/i586/libxmlsec1-nss-devel-1.2.13-1.2mdv2010.0.i586.rpm\n 21b46e66c6b78df3fbcd86064cf30e7c 2010.0/i586/libxmlsec1-openssl1-1.2.13-1.2mdv2010.0.i586.rpm\n 6620368f5cc3bcbb857b4a23eac3c8ca 2010.0/i586/libxmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.i586.rpm\n c2ea73966298d29fdfdc34c7c2a2f1c2 2010.0/i586/xmlsec1-1.2.13-1.2mdv2010.0.i586.rpm \n 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n a62d421d4fd1899fbba01309dbaf1896 2010.0/x86_64/lib64xmlsec1-1-1.2.13-1.2mdv2010.0.x86_64.rpm\n 2f537e7a96421519da35174c233ce595 2010.0/x86_64/lib64xmlsec1-devel-1.2.13-1.2mdv2010.0.x86_64.rpm\n 7a8b160fe2e6034be36f6eae79085ace 2010.0/x86_64/lib64xmlsec1-gnutls1-1.2.13-1.2mdv2010.0.x86_64.rpm\n 0a6294fd609fc0852648a497a88483c0 2010.0/x86_64/lib64xmlsec1-gnutls-devel-1.2.13-1.2mdv2010.0.x86_64.rpm\n 29db3a07cccce7ad181397aad0cc8d0d 2010.0/x86_64/lib64xmlsec1-nss1-1.2.13-1.2mdv2010.0.x86_64.rpm\n fbbf15dc907548874aa56a0a60288c44 2010.0/x86_64/lib64xmlsec1-nss-devel-1.2.13-1.2mdv2010.0.x86_64.rpm\n 91cde9b85b74ee50ca22063395776ad5 2010.0/x86_64/lib64xmlsec1-openssl1-1.2.13-1.2mdv2010.0.x86_64.rpm\n 48200b7dbaf54a0f3b773fe838bba047 2010.0/x86_64/lib64xmlsec1-openssl-devel-1.2.13-1.2mdv2010.0.x86_64.rpm\n 959b3952c7246d48878bd70d51966a8e 2010.0/x86_64/xmlsec1-1.2.13-1.2mdv2010.0.x86_64.rpm \n 877a15d6552bedb5763df240f4d82d84 2010.0/SRPMS/xmlsec1-1.2.13-1.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 319b4ab924dbbbf82f4614d148f14804 mes5/i586/libxmlsec1-1-1.2.10-7.3mdvmes5.2.i586.rpm\n 9278a1efe02a044e5ff7a1a37ffa36d4 mes5/i586/libxmlsec1-devel-1.2.10-7.3mdvmes5.2.i586.rpm\n cb993560c51e070393b7e2e0861900ff mes5/i586/libxmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.i586.rpm\n 293f8773291935a45d76908db7825384 mes5/i586/libxmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.i586.rpm\n aab3eb1ab4455876a2339e9863fa7935 mes5/i586/libxmlsec1-nss1-1.2.10-7.3mdvmes5.2.i586.rpm\n 2ff66c74e00e7dd79d6037162dde87b8 mes5/i586/libxmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.i586.rpm\n f2f5866fd188473eb74e33c5b78c2d9a mes5/i586/libxmlsec1-openssl1-1.2.10-7.3mdvmes5.2.i586.rpm\n c41b9570228f06d39b91d87a8538728c mes5/i586/libxmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.i586.rpm\n 308bc571cc766753f0c07a44ca80181c mes5/i586/xmlsec1-1.2.10-7.3mdvmes5.2.i586.rpm \n d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 327e47c32620609fd4245c32475938c7 mes5/x86_64/lib64xmlsec1-1-1.2.10-7.3mdvmes5.2.x86_64.rpm\n 033b408efc5436eb5d6e09a9582760a5 mes5/x86_64/lib64xmlsec1-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm\n 814d8c33a387f72d855f7bfc250f74e3 mes5/x86_64/lib64xmlsec1-gnutls1-1.2.10-7.3mdvmes5.2.x86_64.rpm\n 2883ed21f25132b542780bd1dfccfb17 mes5/x86_64/lib64xmlsec1-gnutls-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm\n 3409c185fdbcb57c45a1883752ade7c3 mes5/x86_64/lib64xmlsec1-nss1-1.2.10-7.3mdvmes5.2.x86_64.rpm\n f781e2d050e0c19945c783dc86745e08 mes5/x86_64/lib64xmlsec1-nss-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm\n cc9fc7fcd1d32d4877689486e424875e mes5/x86_64/lib64xmlsec1-openssl1-1.2.10-7.3mdvmes5.2.x86_64.rpm\n a5315ce478dda5fd0af55a1acf043288 mes5/x86_64/lib64xmlsec1-openssl-devel-1.2.10-7.3mdvmes5.2.x86_64.rpm\n 1a153d8d6af32724260f029205cd0a54 mes5/x86_64/xmlsec1-1.2.10-7.3mdvmes5.2.x86_64.rpm \n d07141a9abde87df9f330093acd2d59f mes5/SRPMS/xmlsec1-1.2.10-7.3mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFNmXaUmqjQ0CJFipgRAgs3AKCLIc162L+edW3LKFOx7G/U4GkynwCgpJ7j\nSEMdD/0Sj9XbDDepzFsOW3o=\n=Kuyv\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1425"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "BID",
"id": "47135"
},
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "PACKETSTORM",
"id": "100561"
},
{
"db": "PACKETSTORM",
"id": "101158"
},
{
"db": "PACKETSTORM",
"id": "100587"
},
{
"db": "PACKETSTORM",
"id": "99973"
},
{
"db": "PACKETSTORM",
"id": "129522"
},
{
"db": "PACKETSTORM",
"id": "100044"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-49370",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1425",
"trust": 3.1
},
{
"db": "BID",
"id": "47135",
"trust": 2.2
},
{
"db": "SECUNIA",
"id": "43920",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "44167",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "44423",
"trust": 1.2
},
{
"db": "VUPEN",
"id": "ADV-2011-0855",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-1172",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0858",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-1010",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1025284",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[XMLSEC] 20110331 NEW XMLSEC 1.2.17 RELEASE",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "16803",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "100561",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "100044",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "17993",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72233",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-49370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129522",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "BID",
"id": "47135"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "PACKETSTORM",
"id": "100561"
},
{
"db": "PACKETSTORM",
"id": "101158"
},
{
"db": "PACKETSTORM",
"id": "100587"
},
{
"db": "PACKETSTORM",
"id": "99973"
},
{
"db": "PACKETSTORM",
"id": "129522"
},
{
"db": "PACKETSTORM",
"id": "100044"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"id": "VAR-201104-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:09:49.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2011:0486",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2011-0486.html"
},
{
"title": "Download_The latest stable XML Security Library version is 1.2.18",
"trust": 0.8,
"url": "http://www.aleksey.com/xmlsec/download.html"
},
{
"title": "New xmlsec 1.2.17 release",
"trust": 0.8,
"url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/47135"
},
{
"trust": 1.7,
"url": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
},
{
"trust": 1.7,
"url": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
},
{
"trust": 1.7,
"url": "http://trac.webkit.org/changeset/79159"
},
{
"trust": 1.7,
"url": "https://bugs.webkit.org/show_bug.cgi?id=52688"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43920"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2011/dsa-2219"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:063"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0486.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1025284"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44167"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/44423"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0855"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/0858"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/1010"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2011/1172"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1425"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1425"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/16803"
},
{
"trust": 0.3,
"url": "http://www.aleksey.com/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100134942"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100151369"
},
{
"trust": 0.3,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.3,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.3,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1425"
},
{
"trust": 0.2,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44423/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44423/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0486.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44423"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44167"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44167/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44167/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43920"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43920/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43920/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1785"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1793"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4493"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1760"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3257"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3365"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1787"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1785"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3257"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1788"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0721"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0007"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4111"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3812"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4577"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1815"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4370"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1812"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2526"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1792"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0482"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4578"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1572"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1786"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4023"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1815"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1787"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0905"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4111"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1782"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2526"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1807"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2901"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1784"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1780"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1790"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2524"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3255"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1780"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1783"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3813"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4197"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2901"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3366"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1072"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-09.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0727"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1812"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "BID",
"id": "47135"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "PACKETSTORM",
"id": "100561"
},
{
"db": "PACKETSTORM",
"id": "101158"
},
{
"db": "PACKETSTORM",
"id": "100587"
},
{
"db": "PACKETSTORM",
"id": "99973"
},
{
"db": "PACKETSTORM",
"id": "129522"
},
{
"db": "PACKETSTORM",
"id": "100044"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-49370"
},
{
"db": "BID",
"id": "47135"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"db": "PACKETSTORM",
"id": "100561"
},
{
"db": "PACKETSTORM",
"id": "101158"
},
{
"db": "PACKETSTORM",
"id": "100587"
},
{
"db": "PACKETSTORM",
"id": "99973"
},
{
"db": "PACKETSTORM",
"id": "129522"
},
{
"db": "PACKETSTORM",
"id": "100044"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-49370"
},
{
"date": "2011-04-04T00:00:00",
"db": "BID",
"id": "47135"
},
{
"date": "2011-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"date": "2011-04-19T03:58:00",
"db": "PACKETSTORM",
"id": "100561"
},
{
"date": "2011-05-06T06:57:52",
"db": "PACKETSTORM",
"id": "101158"
},
{
"date": "2011-04-19T03:35:09",
"db": "PACKETSTORM",
"id": "100587"
},
{
"date": "2011-04-01T05:46:06",
"db": "PACKETSTORM",
"id": "99973"
},
{
"date": "2014-12-12T17:42:13",
"db": "PACKETSTORM",
"id": "129522"
},
{
"date": "2011-04-04T18:31:00",
"db": "PACKETSTORM",
"id": "100044"
},
{
"date": "2011-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"date": "2011-04-04T12:27:57.437000",
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-49370"
},
{
"date": "2014-12-19T00:56:00",
"db": "BID",
"id": "47135"
},
{
"date": "2011-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001622"
},
{
"date": "2011-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-019"
},
{
"date": "2024-11-21T01:26:16.960000",
"db": "NVD",
"id": "CVE-2011-1425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "100561"
},
{
"db": "PACKETSTORM",
"id": "100044"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebKit Used in xslt.c Vulnerable to arbitrary file creation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001622"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201104-019"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.