Scientific Linux Security Update : xmlsec1 on SL7.x x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was discovered that xmlsec1's use of libxml2
inadvertently enabled external entity expansion (XXE)
along with validation. An attacker could craft an XML
file that would cause xmlsec1 to try to read local files
or HTTP/FTP URLs, leading to information disclosure or
denial of service. (CVE-2017-1000061)
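
A defensive pre-screen for the issue described above, as an added example that is not part of the original advisory or of xmlsec1: it flags DOCTYPE and external-entity declarations before a document is handed to xmlsec1, recording each reference without ever opening its target. The function names, the constructed sample documents and the policy of rejecting any inline DTD are assumptions.

```python
import xml.parsers.expat as expat


def screen_xml(data: bytes) -> list:
    """Return (kind, detail) findings for DTD constructs; nothing is fetched."""
    findings = []
    parser = expat.ParserCreate()
    # Do not process parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", system_id or public_id or "internal subset"))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry an identifier.
        if system_id is not None or public_id is not None:
            findings.append(("external-entity-decl", f"{name} -> {system_id}"))

    def on_external_ref(context, base, system_id, public_id):
        # Record the reference and continue; the target is never opened.
        findings.append(("external-entity-ref", str(system_id)))
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc)))
    return findings


def safe_for_xmlsec1(data: bytes) -> bool:
    """Assumed policy: accept only well-formed documents with no DTD at all."""
    return not screen_xml(data)


# Constructed sample inputs (not taken from the advisory).
BENIGN = b'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/></Signature>'
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE doc [<!ENTITY xxe SYSTEM "file:///constructed/placeholder.txt">]>'
           b'<doc>&xxe;</doc>')
EXTERNAL_DTD = b'<!DOCTYPE doc SYSTEM "http://example.invalid/doc.dtd"><doc/>'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE_DOC), ("dtd", EXTERNAL_DTD)):
        print(label, safe_for_xmlsec1(doc), screen_xml(doc))
```

A screen like this complements the package update and does not replace it.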

See also :

http://www.nessus.org/u?075bd29d

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 102677

CVE ID: CVE-2017-1000061
