Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2016.0033
A vulnerability has been identified in the Tenable Log Correlation Engine
29 March 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Tenable Log Correlation Engine
Operating System: Red Hat
CentOS
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2015-8035
Member content until: Thursday, April 28 2016
Reference: ESB-2015.3240
OVERVIEW
A vulnerability has been identified in the Tenable Log Correlation
Engine prior to version 4.8.0. [1]
IMPACT
The vendor has provided the following information:
"CVE-2015-8035 - Libxml2 contains an infinite loop condition in the
xz_decomp() function in xzlib.c that is triggered when handling xz
compressed XML content. This may allow a context-dependent attacker
to exhaust available system resources." [1]
MITIGATION
The vendor recommends updating to the latest version. [1]
REFERENCES
[1] [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2
http://www.tenable.com/security/tns-2016-06
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVvocxH6ZAP0PgtI9AQIzHQ//QHwLb+hcBEGN7cQkkU7TxaAL9q94jrv+
6Uu2fnb9db+FdCcvBGRi22qgNo4PleujVITpgv0uEjRiL2M95Mc+fzs6vfDM24wA
bewQDHgrlHlmTfLu8MCWI+5opSnyBtKd2219W34Sd0OhsmIFtbdzEqvBpeQMo+dK
86WWjJl13GOhhjkckQGut5t9T8WIibv1MHXRHukRypM5yFDFb7C8bexPen7F9TYw
8+o+q2zruYSG1mYvlEjjjeyfGc82+h5Flyul3OarwIL1BQl7chlnBJ8x8IyKp/J+
ltyh1Ve0llsFe+cFjc6Ym1OJiA9Ll06on1tOQnF/cjS1hegzHwhlkikQUyqrwgM1
AX6CT8L///eklgGElrEBHlEeTnQ0Fc8dABR6HghQ3TOnaq2vOf2/slDrJ1VguMln
auu6hshniTQwmtXu+dYyipvbSdo8fYp/SkV2qilvZhHFVhN/tNFQxAQeELelcj2y
fR0JswZgJvycAx+K8KOJmNIrpGQeayXfFlNICCHQXrz2Oq43vFNeI2IzTbpImBnD
2GdAGUKt6/8iyq1j9559Ya+9s//HGBf8Yd8vhCoBlKJQWsvp3PC17RHo9bO76lSY
5EflmhZKhMTf3Mt9VUwPqTJDWg0Q9p8fFMgo0Uj69kENcwBq4McMufGonV3dQyyo
J5UDxEFHFRs=
=lPh3
-----END PGP SIGNATURE-----