Scientific Linux Security Update : raptor on SL6.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Raptor provides parsers for Resource Description Framework (RDF)
files.

An XML External Entity expansion flaw was found in the way Raptor
processed RDF files. If an application linked against Raptor were to
open a specially-crafted RDF file, it could possibly allow a remote
attacker to obtain a copy of an arbitrary local file that the user
running the application had access to. A bug in the way Raptor handled
external entities could cause that application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2012-0037)

All Raptor users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications linked against Raptor must be restarted for this update
to take effect.

See also :

http://www.nessus.org/u?7bbd6f62

Solution :

Update the affected raptor, raptor-debuginfo and / or raptor-devel
packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61288 ()

Bugtraq ID:

CVE ID: CVE-2012-0037