Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
89
security advisorymoderateupdateFedora 37: FEDORA-2022-a6812b0224 Moderate: xmlsec1 Integer Overflow Fix
Update to 2.10.3 * Fix CVE-2022-40303 * Fix CVE-2022-40304. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-a6812b0224 2022-11-13 01:11:59.258299 --------------------------------------------------------------------------------Name : xmlsec1 Product : Fedora 37 Version : 1.2.34 Release : 4.fc37 URL : https://www.aleksey.com/xmlsec/ Summary : Library providing support for "XML Signature" and "XML Encryption" standards Description : XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". --------------------------------------------------------------------------------Update Information: Update to 2.10.3 * Fix CVE-2022-40303 * Fix CVE-2022-40304 --------------------------------------------------------------------------------ChangeLog: * Mon Oct 24 2022 David King - 1.2.34-4 - Rebuild against libxml2 (#2136800) * Mon Oct 24 2022 David King - 1.2.34-3 - Rebuild against libxml2 (#2136800) --------------------------------------------------------------------------------References: [ 1 ] Bug #2119077 - libxml2-2.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2119077 [ 2 ] Bug #2136274 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2136274 [ 3 ] Bug #2136293 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2136293 [ 4 ] Bug #2136800 - openconnect fails due to missing symbol xmlIOFTPRead https://bugzilla.redhat.com/show_bug.cgi?id=2136800 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-a6812b0224' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 12, 2022
•Important
Fedora
89
security advisorycritical issueFedoraFedora 36: FEDORA-2022-aeafd24818 Critical: xmlsec1 Integer Overflows
Update to 2.10.3 * Fix CVE-2022-40303 * Fix CVE-2022-40304. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-aeafd24818 2022-10-25 13:12:34.597448 --------------------------------------------------------------------------------Name : xmlsec1 Product : Fedora 36 Version : 1.2.33 Release : 3.fc36 URL : https://www.aleksey.com/xmlsec/ Summary : Library providing support for "XML Signature" and "XML Encryption" standards Description : XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". --------------------------------------------------------------------------------Update Information: Update to 2.10.3 * Fix CVE-2022-40303 * Fix CVE-2022-40304 --------------------------------------------------------------------------------ChangeLog: * Mon Oct 24 2022 David King - 1.2.33-3 - Rebuild against libxml2 (#2136800) --------------------------------------------------------------------------------References: [ 1 ] Bug #2119077 - libxml2-2.10.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2119077 [ 2 ] Bug #2136274 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2136274 [ 3 ] Bug #2136293 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2136293 [ 4 ] Bug #2136800 - openconnect fails due to missing symbol xmlIOFTPRead https://bugzilla.redhat.com/show_bug.cgi?id=2136800 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-aeafd24818' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Oct 25, 2022
•Critical
Fedora
172
security advisorydenial of servicesecurity issueUbuntu 16.04 ESM USN-5674-1: Critical XML Library DoS Issue
XML Security Library could be made to crash if it opened a specially crafted file.. =========================================================================Ubuntu Security Notice USN-5674-1 October 13, 2022 xmlsec1 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: XML Security Library could be made to crash if it opened a specially crafted file. Software Description: - xmlsec1: XML security command line processor Details: It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libxmlsec1 1.2.20-2ubuntu4+esm1 xmlsec1 1.2.20-2ubuntu4+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5674-1 CVE-2017-1000061 . A critical vulnerability exists in the XML Security Library on Ubuntu 16.04 ESM. It can lead to system crashes and data leakage, requiring immediate patching and assessments.. Ubuntu XML Security, xmlsec1 Fix, Denial of Service. . Severity: Critical. LinuxSecurity.com Team
Oct 13, 2022
•Critical
Ubuntu
203
security advisorydenial of serviceinformation disclosureMageia: High Risk of Denial Of Service in xmlsec1 Found 2020-0104
Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP . MGASA-2020-0104 - Updated xmlsec1 packages fix security vulnerability Publication date: 26 Feb 2020 URL: https://advisories.mageia.org/MGASA-2020-0104.html Type: security Affected Mageia releases: 7 CVE: CVE-2017-1000061 Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service (CVE-2017-1000061). References: - https://bugs.mageia.org/show_bug.cgi?id=26174 - https://lists.fedoraproject.org/archives/list/
Feb 26, 2020
Mageia
200
security advisorydoSinformation disclosureScientific Linux SL7: SLSA-2017:2492-1 Moderate: xmlsec1 DoS Risk
It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service. (CVE-2017-1000061) SL7 x86_64 xmlsec1-1.2.20-7.el7_4.i686.rpm xmlsec1-1.2.20-7.el7_4.x86_64.rpm xm [More...]. Synopsis: Moderate: xmlsec1 security update Advisory ID: SLSA-2017:2492-1 Issue Date: 2017-08-21 CVE Numbers: CVE-2017-1000061 -- Security Fix(es): * It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service. (CVE-2017-1000061) -- SL7 x86_64 xmlsec1-1.2.20-7.el7_4.i686.rpm xmlsec1-1.2.20-7.el7_4.x86_64.rpm xmlsec1-debuginfo-1.2.20-7.el7_4.i686.rpm xmlsec1-debuginfo-1.2.20-7.el7_4.x86_64.rpm xmlsec1-openssl-1.2.20-7.el7_4.i686.rpm xmlsec1-openssl-1.2.20-7.el7_4.x86_64.rpm xmlsec1-devel-1.2.20-7.el7_4.i686.rpm xmlsec1-devel-1.2.20-7.el7_4.x86_64.rpm xmlsec1-gcrypt-1.2.20-7.el7_4.i686.rpm xmlsec1-gcrypt-1.2.20-7.el7_4.x86_64.rpm xmlsec1-gcrypt-devel-1.2.20-7.el7_4.i686.rpm xmlsec1-gcrypt-devel-1.2.20-7.el7_4.x86_64.rpm xmlsec1-gnutls-1.2.20-7.el7_4.i686.rpm xmlsec1-gnutls-1.2.20-7.el7_4.x86_64.rpm xmlsec1-gnutls-devel-1.2.20-7.el7_4.i686.rpm xmlsec1-gnutls-devel-1.2.20-7.el7_4.x86_64.rpm xmlsec1-nss-1.2.20-7.el7_4.i686.rpm xmlsec1-nss-1.2.20-7.el7_4.x86_64.rpm xmlsec1-nss-devel-1.2.20-7.el7_4.i686.rpm xmlsec1-nss-devel-1.2.20-7.el7_4.x86_64.rpm xmlsec1-openssl-devel-1.2.20-7.el7_4.i686.rpm xmlsec1-openssl-devel-1.2.20-7.el7_4.x86_64.rpm - Scientific Linux Development Team . A recent xmlsec1 update for Scientific Linux mitigates vulnerabilities related to external entity expansion thatcould result in data leakage.. xmlsec1, Scientific Linux, libxml2 security, external entity vulnerability, DoS risk. . LinuxSecurity.com Team
Aug 21, 2017
Scientific Linux
200
security advisorymoderateupdateScientific Linux: Moderate Xmlsec1 Update For i386/x86_64 Systems
Moderate: xmlsec1 security and bug fix update. Date: Thu, 5 May 2011 16:05:30 -0500 Reply-To:
May 05, 2011
•Important
Scientific Linux
98
security advisorysecurity fixRed Hat Enterprise LinuxRed Hat Enterprise Linux: RHSA-2011-0486 moderate: xmlsec1 file creation
Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xmlsec1 security and bug fix update Advisory ID: RHSA-2011:0486-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0486.html Issue date: 2011-05-04 CVE Names: CVE-2011-1425 ==================================================================== 1. Summary: Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of afile's digital signature. (CVE-2011-1425) Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue. This update also fixes the following bug: * xmlsec1 previously used an incorrect search path when searching for crypto plug-in libraries, possibly trying to access such libraries using a relative path. (BZ#558480, BZ#700467) Users of xmlsec1 should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all running applications that use the xmlsec1 library must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 558480 - xmlsec1: bogus lt_dlopen() search path [rhel-4] 692133 - CVE-2011-1425 xmlsec1: arbitrary file creation when verifying signatures 700467 - xmlsec1: bogus lt_dlopen() search path [rhel-5] 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-devel-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm ia64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.ia64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm xmlsec1-devel-1.2.6-3.2.ia64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.ia64.rpm xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm ppc: xmlsec1-1.2.6-3.2.ppc.rpm xmlsec1-1.2.6-3.2.ppc64.rpm xmlsec1-debuginfo-1.2.6-3.2.ppc.rpm xmlsec1-debuginfo-1.2.6-3.2.ppc64.rpm xmlsec1-devel-1.2.6-3.2.ppc.rpm xmlsec1-openssl-1.2.6-3.2.ppc.rpm xmlsec1-openssl-1.2.6-3.2.ppc64.rpm xmlsec1-openssl-devel-1.2.6-3.2.ppc.rpm s390: xmlsec1-1.2.6-3.2.s390.rpm xmlsec1-debuginfo-1.2.6-3.2.s390.rpm xmlsec1-devel-1.2.6-3.2.s390.rpm xmlsec1-openssl-1.2.6-3.2.s390.rpm xmlsec1-openssl-devel-1.2.6-3.2.s390.rpm s390x: xmlsec1-1.2.6-3.2.s390.rpm xmlsec1-1.2.6-3.2.s390x.rpm xmlsec1-debuginfo-1.2.6-3.2.s390.rpm xmlsec1-debuginfo-1.2.6-3.2.s390x.rpm xmlsec1-devel-1.2.6-3.2.s390x.rpm xmlsec1-openssl-1.2.6-3.2.s390.rpm xmlsec1-openssl-1.2.6-3.2.s390x.rpm xmlsec1-openssl-devel-1.2.6-3.2.s390x.rpm x86_64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.x86_64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm xmlsec1-devel-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-devel-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm x86_64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.x86_64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm xmlsec1-devel-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm Red Hat EnterpriseLinux ES version 4: Source: i386: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-devel-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm ia64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.ia64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm xmlsec1-devel-1.2.6-3.2.ia64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.ia64.rpm xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm x86_64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.x86_64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm xmlsec1-devel-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-devel-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-devel-1.2.6-3.2.i386.rpm ia64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.ia64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.ia64.rpm xmlsec1-devel-1.2.6-3.2.ia64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.ia64.rpm xmlsec1-openssl-devel-1.2.6-3.2.ia64.rpm x86_64: xmlsec1-1.2.6-3.2.i386.rpm xmlsec1-1.2.6-3.2.x86_64.rpm xmlsec1-debuginfo-1.2.6-3.2.i386.rpm xmlsec1-debuginfo-1.2.6-3.2.x86_64.rpm xmlsec1-devel-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-1.2.6-3.2.i386.rpm xmlsec1-openssl-1.2.6-3.2.x86_64.rpm xmlsec1-openssl-devel-1.2.6-3.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5client): Source: i386: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm x86_64: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-1.2.9-8.1.2.x86_64.rpm xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm x86_64: xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm ia64: xmlsec1-1.2.9-8.1.2.ia64.rpm xmlsec1-debuginfo-1.2.9-8.1.2.ia64.rpm xmlsec1-devel-1.2.9-8.1.2.ia64.rpm xmlsec1-gnutls-1.2.9-8.1.2.ia64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.ia64.rpm xmlsec1-nss-1.2.9-8.1.2.ia64.rpm xmlsec1-nss-devel-1.2.9-8.1.2.ia64.rpm xmlsec1-openssl-1.2.9-8.1.2.ia64.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.ia64.rpm ppc: xmlsec1-1.2.9-8.1.2.ppc.rpm xmlsec1-1.2.9-8.1.2.ppc64.rpm xmlsec1-debuginfo-1.2.9-8.1.2.ppc.rpm xmlsec1-debuginfo-1.2.9-8.1.2.ppc64.rpm xmlsec1-devel-1.2.9-8.1.2.ppc.rpm xmlsec1-devel-1.2.9-8.1.2.ppc64.rpm xmlsec1-gnutls-1.2.9-8.1.2.ppc.rpm xmlsec1-gnutls-1.2.9-8.1.2.ppc64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.ppc.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.ppc64.rpm xmlsec1-nss-1.2.9-8.1.2.ppc.rpm xmlsec1-nss-1.2.9-8.1.2.ppc64.rpm xmlsec1-nss-devel-1.2.9-8.1.2.ppc.rpm xmlsec1-nss-devel-1.2.9-8.1.2.ppc64.rpm xmlsec1-openssl-1.2.9-8.1.2.ppc.rpm xmlsec1-openssl-1.2.9-8.1.2.ppc64.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.ppc.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.ppc64.rpm s390x: xmlsec1-1.2.9-8.1.2.s390.rpm xmlsec1-1.2.9-8.1.2.s390x.rpm xmlsec1-debuginfo-1.2.9-8.1.2.s390.rpm xmlsec1-debuginfo-1.2.9-8.1.2.s390x.rpm xmlsec1-devel-1.2.9-8.1.2.s390.rpm xmlsec1-devel-1.2.9-8.1.2.s390x.rpm xmlsec1-gnutls-1.2.9-8.1.2.s390.rpm xmlsec1-gnutls-1.2.9-8.1.2.s390x.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.s390.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.s390x.rpm xmlsec1-nss-1.2.9-8.1.2.s390.rpm xmlsec1-nss-1.2.9-8.1.2.s390x.rpm xmlsec1-nss-devel-1.2.9-8.1.2.s390.rpm xmlsec1-nss-devel-1.2.9-8.1.2.s390x.rpm xmlsec1-openssl-1.2.9-8.1.2.s390.rpm xmlsec1-openssl-1.2.9-8.1.2.s390x.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.s390.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.s390x.rpm x86_64: xmlsec1-1.2.9-8.1.2.i386.rpm xmlsec1-1.2.9-8.1.2.x86_64.rpm xmlsec1-debuginfo-1.2.9-8.1.2.i386.rpm xmlsec1-debuginfo-1.2.9-8.1.2.x86_64.rpm xmlsec1-devel-1.2.9-8.1.2.i386.rpm xmlsec1-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-1.2.9-8.1.2.x86_64.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.i386.rpm xmlsec1-gnutls-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-1.2.9-8.1.2.i386.rpm xmlsec1-nss-1.2.9-8.1.2.x86_64.rpm xmlsec1-nss-devel-1.2.9-8.1.2.i386.rpm xmlsec1-nss-devel-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-1.2.9-8.1.2.x86_64.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.i386.rpm xmlsec1-openssl-devel-1.2.9-8.1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2011-1425 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNwe6nXlSAg2UNWIIRAt03AJ9kIXZ9pSJD2MQvjEbjQf1frXFAWACgrV8L d75lCKqCYRNa7Kms5qwLLAc=5V8A -----END PGP SIGNATURE----- . xmlsec1 distributions for Red Hat address important security vulnerabilities and fix numerous bugs, affecting several OS versions. Discover more details.. xmlsec1 Security Update, Red Hat Advisory, Security Impact. . LinuxSecurity.com Team
May 05, 2011
Red Hat
98
security advisorysecurity issueRed HatRed Hat: 2011:0486-01 Moderate: Xmlsec1 Security Bug Fix Update
Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xmlsec1 security and bug fix update Advisory ID: RHSA-2011:0486-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0486.html Issue date: 2011-05-04 CVE Names: CVE-2011-1425 ==================================================================== 1. Summary: Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature. (CVE-2011-1425) Red Hat would like to thank Nicolas Gr . Cautionary update for xmlsec1package addresses vulnerabilities on Red Hat Enterprise Linux 4 and 5 platforms.. xmlsec1 update, Red Hat advisory, security issue fix. . LinuxSecurity.com Team
May 04, 2011
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!