This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
A denial of service flaw was found in the way libxml2, a library
providing support to read, modify and write XML and HTML files,
performed string substitutions when entity values for external entity
references replacement (--noent option) was requested / enabled during
the XML file parsing. A remote attacker could provide a specially
crafted XML file containing an external entity expansion, when
processed would lead to excessive CPU consumption (denial of service)
(CVE-2013-0339). This a different flaw from CVE-2013-0338.
parser.c in libxml2 before 2.9.0, as used in Google Chrome before
28.0.1500.71 and other products, allows remote attackers to cause a
denial of service (out-of-bounds read) via a document that ends
abruptly, related to the lack of certain checks for the XML_PARSER_EOF
The updated packages have been patched to correct these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 69053 ()
Bugtraq ID: 5900061050
CVE ID: CVE-2013-0339CVE-2013-2877
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.