Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 61032
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionA flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature.
After installing the update, all running applications that use the xmlsec1 library must be restarted for the update to take effect.
SolutionUpdate the affected packages.