Mandriva Update For Xmlsec1 MDVSA-2011:063 (xmlsec1) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in xmlsec1: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification (CVE-2011-1425). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp amp products_id=490 The updated packages have been patched to correct this issue.

Affected

xmlsec1 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-1425

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:119 (kernel)
Mandrake Security Advisory MDVSA-2009:145 (php)
Mandrake Security Advisory MDVSA-2009:056 (net-snmp)
Mandrake Security Advisory MDVSA-2009:122 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:163 (tomcat5)

Mandriva Update for xmlsec1 MDVSA-2011:063 (xmlsec1)

Take action and discover your vulnerabilities