Mandriva Linux Security Advisory : perl-XML-LibXML (MDVSA-2015:231)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated perl-XML-LibXML package fixes security vulnerability :

Tilmann Haak from xing.com discovered that XML::LibXML did not respect
the expand_entities parameter to disable processing of external
entities in some circumstances. This may allow attackers to gain read
access to otherwise protected ressources, depending on how the library
is used (CVE-2015-3451).

See also :

http://advisories.mageia.org/MGASA-2015-0199.html

Solution :

Update the affected perl-XML-LibXML package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 83284 ()

Bugtraq ID:

CVE ID: CVE-2015-3451

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now