Mandriva Linux Security Advisory : raptor (MDVSA-2012:061)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

An XML External Entity expansion flaw was found in the way Raptor
processed RDF files. If an application linked against Raptor were to
open a specially crafted RDF file, it could possibly allow a remote
attacker to obtain a copy of an arbitrary local file that the user
running the application had access to. A bug in the way Raptor handled
external entities could cause that application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application (CVE-2012-0037).

The updated packages have been patched to correct this issue.

raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version
which is not vulnerable to this issue.

See also :

http://www.libreoffice.org/advisories/CVE-2012-0037/

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 58830 ()

Bugtraq ID:

CVE ID: CVE-2012-0037

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now