
Contents of /10563.adv


Revision 122
Mon Jul 1 19:11:43 2013 UTC (4 years, 5 months ago) by boklm
File size: 1520 byte(s)
MGASA-2013-0193
type: security
subject: Updated xml-security-c package fixes multiple security vulnerabilities
CVE:
  - CVE-2013-2153
  - CVE-2013-2154
  - CVE-2013-2155
  - CVE-2013-2156
  - CVE-2013-2210
src:
  2:
    core:
      - xml-security-c-1.6.1-1.2.mga2
  3:
    core:
      - xml-security-c-1.7.0-2.2.mga3
description: |
  The implementation of XML digital signatures in the Santuario-C++ library
  is vulnerable to a spoofing issue allowing an attacker to reuse existing
  signatures with arbitrary content (CVE-2013-2153).

  A stack overflow, possibly leading to arbitrary code execution, exists in
  the processing of malformed XPointer expressions in the XML Signature
  Reference processing code (CVE-2013-2154).

  A bug in the processing of the output length of an HMAC-based XML
  Signature would cause a denial of service when processing specially chosen
  input (CVE-2013-2155).

  A heap overflow exists in the processing of the PrefixList attribute
  optionally used in conjunction with Exclusive Canonicalization, potentially
  allowing arbitrary code execution (CVE-2013-2156).

  The attempted fix to address CVE-2013-2154 introduced the possibility of a
  heap overflow, possibly leading to arbitrary code execution, in the
  processing of malformed XPointer expressions in the XML Signature Reference
  processing code (CVE-2013-2210).
references:
  - http://santuario.apache.org/secadv.html
  - http://www.debian.org/security/2013/dsa-2710
  - https://bugs.mageia.org/show_bug.cgi?id=10563
ID: MGASA-2013-0193
