Debian DSA-5318-1 : lava – security update
Discription

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory.

– In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. (CVE-2022-44641)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: