This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability has been discovered and corrected in libxslt :
The XSL implementation in libxslt allows remote attackers to cause a
denial of service (incorrect read operation) via unspecified vectors
libxslt 1.1.26 and earlier does not properly manage memory, which
might allow remote attackers to cause a denial of service (application
crash) via a crafted XSLT expression that is not properly identified
during XPath navigation, related to (1) the
xsltCompileLocationPathPattern function in libxslt/pattern.c and (2)
the xsltGenerateIdFunction function in libxslt/functions.c
libxml2 2.9.0-rc1 and earlier does not properly support a cast of an
unspecified variable during handling of XSL transforms, which allows
remote attackers to cause a denial of service or possibly have unknown
other impact via a crafted document, related to the _xmlNs data
structure in include/libxml/tree.h (CVE-2012-2871).
Double free vulnerability in libxslt allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
vectors related to XSL transforms (CVE-2012-2893).
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false