===========================================================================
AUSCERT Security Bulletin

ASB-2016.0033
A vulnerability has been identified in the Tenable Log Correlation Engine
29 March 2016

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Tenable Log Correlation Engine
Operating System:     Red Hat
                      CentOS
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-8035
Member content until: Thursday, April 28 2016
Reference:            ESB-2015.3240

OVERVIEW

A vulnerability has been identified in the Tenable Log Correlation Engine
prior to version 4.8.0. [1]

IMPACT

The vendor has provided the following information:

"CVE-2015-8035 - Libxml2 contains an infinite loop condition in the
xz_decomp() function in xzlib.c that is triggered when handling xz
compressed XML content. This may allow a context-dependent attacker to
exhaust available system resources." [1]

MITIGATION

The vendor recommends updating to the latest version. [1]

REFERENCES

[1] [R1] Log Correlation Engine (LCE) 4.8.0 Updates Libxml2
    http://www.tenable.com/security/tns-2016-06

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================