[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2009:200 ] libxml



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:200
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml
 Date    : August 12, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in libxml:
 
 Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
 attackers to cause a denial of service (application crash) via a
 large depth of element declarations in a DTD, related to a function
 recursion, as demonstrated by the Codenomicon XML fuzzing framework
 (CVE-2009-2414).
 
 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
 attackers to cause a denial of service (application crash) via crafted
 (1) Notation or (2) Enumeration attribute types in an XML file, as
 demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).
 
 This update provides a solution to these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 ec71ff138073a7cf353bcce7625fa34d  
2008.1/i586/libxml1-1.8.17-12.1mdv2008.1.i586.rpm
 e874ff3d0080218acabe7643feda81c1  
2008.1/i586/libxml1-devel-1.8.17-12.1mdv2008.1.i586.rpm
 5c1a0ccdee2b9aeeb1f5e5fa7de6057f  
2008.1/i586/libxml2_2-2.6.31-1.5mdv2008.1.i586.rpm
 32ea7ae22fa685a4cb0c587bfd4b3b36  
2008.1/i586/libxml2-devel-2.6.31-1.5mdv2008.1.i586.rpm
 10760afdcf20e4dde32e6c8a4e5a867c  
2008.1/i586/libxml2-python-2.6.31-1.5mdv2008.1.i586.rpm
 3d1a814b0a0bc21c979b7f00700e8a18  
2008.1/i586/libxml2-utils-2.6.31-1.5mdv2008.1.i586.rpm 
 3d147ed8f8dc4339052b01d8946308cb  
2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm
 5a6196a9d7fca0125dd92476760a53c9  
2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 de2508e271af10e169bd60c0ae274648  
2008.1/x86_64/lib64xml1-1.8.17-12.1mdv2008.1.x86_64.rpm
 f2abb57de6c2e31cc04c874f767557bf  
2008.1/x86_64/lib64xml1-devel-1.8.17-12.1mdv2008.1.x86_64.rpm
 aa7298bebadbf3741dd326ffecd0a6bd  
2008.1/x86_64/lib64xml2_2-2.6.31-1.5mdv2008.1.x86_64.rpm
 794046be2a350c7cc21619744d564ea4  
2008.1/x86_64/lib64xml2-devel-2.6.31-1.5mdv2008.1.x86_64.rpm
 06e24a5e289dfdb2f9be2ff3a5e9aeb0  
2008.1/x86_64/libxml2-python-2.6.31-1.5mdv2008.1.x86_64.rpm
 51e387ead59ad68fa412084db153b797  
2008.1/x86_64/libxml2-utils-2.6.31-1.5mdv2008.1.x86_64.rpm 
 3d147ed8f8dc4339052b01d8946308cb  
2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm
 5a6196a9d7fca0125dd92476760a53c9  
2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 15cf90933e50a77a9ff0d6df4d6afd22  
2009.0/i586/libxml1-1.8.17-14.1mdv2009.0.i586.rpm
 b0f916f0450d5f6b87592258501fd51f  
2009.0/i586/libxml1-devel-1.8.17-14.1mdv2009.0.i586.rpm
 7ca430bbb84e7b81c00a324b238e68c2  
2009.0/i586/libxml2_2-2.7.1-1.4mdv2009.0.i586.rpm
 77bcc5c9d205655e0612394e5d046481  
2009.0/i586/libxml2-devel-2.7.1-1.4mdv2009.0.i586.rpm
 2fba8076ef0f6625eab5eedea5991d23  
2009.0/i586/libxml2-python-2.7.1-1.4mdv2009.0.i586.rpm
 a2e954480d6b7871bd01e897f896a789  
2009.0/i586/libxml2-utils-2.7.1-1.4mdv2009.0.i586.rpm 
 0bbeefea1851b41c678106bfa2a6bdd3  
2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm
 df446d9556752356d368c823e7363cf0  
2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4b2016588f0a6ad13fc41f1a2055eea6  
2009.0/x86_64/lib64xml1-1.8.17-14.1mdv2009.0.x86_64.rpm
 7d7625200234b3158011d1a1e762b0f6  
2009.0/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.0.x86_64.rpm
 1363994d60c9eae163bcba6b0cfbadc1  
2009.0/x86_64/lib64xml2_2-2.7.1-1.4mdv2009.0.x86_64.rpm
 79b90aeb82f98ddde58c15a49637a527  
2009.0/x86_64/lib64xml2-devel-2.7.1-1.4mdv2009.0.x86_64.rpm
 6fc40c41bbeb817906dbbd56aa64b022  
2009.0/x86_64/libxml2-python-2.7.1-1.4mdv2009.0.x86_64.rpm
 dfba70e56b5ece2fa5a0104aa45ac3b9  
2009.0/x86_64/libxml2-utils-2.7.1-1.4mdv2009.0.x86_64.rpm 
 0bbeefea1851b41c678106bfa2a6bdd3  
2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm
 df446d9556752356d368c823e7363cf0  
2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 786f12149d425965e793b72a0ea290a1  
2009.1/i586/libxml1-1.8.17-14.1mdv2009.1.i586.rpm
 5773e74ebcb040245db8f30f4612e4f6  
2009.1/i586/libxml1-devel-1.8.17-14.1mdv2009.1.i586.rpm
 8c8dde768de51eeec2a6a99da8ba7946  
2009.1/i586/libxml2_2-2.7.3-2.1mdv2009.1.i586.rpm
 a95e30fef1398f0ed167dbac5eaf1a5e  
2009.1/i586/libxml2-devel-2.7.3-2.1mdv2009.1.i586.rpm
 924f37d6815c5f8e32e6e2c46c8c0aff  
2009.1/i586/libxml2-python-2.7.3-2.1mdv2009.1.i586.rpm
 210210942796703d0ef005c85638dbae  
2009.1/i586/libxml2-utils-2.7.3-2.1mdv2009.1.i586.rpm 
 bd1a66810023d2522563232c22ad1647  
2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm
 90caf02b9ee30ed7459e295fffb428be  
2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 0d6c814f92faba670d21a8a725b6b155  
2009.1/x86_64/lib64xml1-1.8.17-14.1mdv2009.1.x86_64.rpm
 5391b1885f9e6465c7b9883c1d47865a  
2009.1/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.1.x86_64.rpm
 4ea44f9c3b952a778ca9e7115bad4e20  
2009.1/x86_64/lib64xml2_2-2.7.3-2.1mdv2009.1.x86_64.rpm
 3461436d0f68ff3d380516e855f59023  
2009.1/x86_64/lib64xml2-devel-2.7.3-2.1mdv2009.1.x86_64.rpm
 293f1ce76f6f0b61d5db6b71091c845d  
2009.1/x86_64/libxml2-python-2.7.3-2.1mdv2009.1.x86_64.rpm
 c31155abb3cd4f0c2bbfa434f15c1f89  
2009.1/x86_64/libxml2-utils-2.7.3-2.1mdv2009.1.x86_64.rpm 
 bd1a66810023d2522563232c22ad1647  
2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm
 90caf02b9ee30ed7459e295fffb428be  
2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm

 Corporate 3.0:
 55bea4ed1ccf8998329695d214eed3f4  
corporate/3.0/i586/libxml1-1.8.17-6.2.C30mdk.i586.rpm
 6cdf4ccf8bbf8489aa6b6c083de9866f  
corporate/3.0/i586/libxml1-devel-1.8.17-6.2.C30mdk.i586.rpm
 90226f7c8ca6fc5753d4f5c5a45bc9f9  
corporate/3.0/i586/libxml2-2.6.6-1.7.C30mdk.i586.rpm
 baf476404ec5b46b4b9a516f252c62e2  
corporate/3.0/i586/libxml2-devel-2.6.6-1.7.C30mdk.i586.rpm
 1fdb4e516be71162eb67c74503eb8d64  
corporate/3.0/i586/libxml2-python-2.6.6-1.7.C30mdk.i586.rpm
 1b881370a164f8014609bcc9855713c5  
corporate/3.0/i586/libxml2-utils-2.6.6-1.7.C30mdk.i586.rpm 
 d5e6e7048b60eb9cca4c171158409e7b  
corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm
 a13bb44f2221d5de604c9500132b2e64  
corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c5f6cb81379099eb5d8254f42a5db4ef  
corporate/3.0/x86_64/lib64xml1-1.8.17-6.2.C30mdk.x86_64.rpm
 ae08e3b1320fd49d1d41f36ab13fb440  
corporate/3.0/x86_64/lib64xml1-devel-1.8.17-6.2.C30mdk.x86_64.rpm
 0845a459d22e45d7902465fd5df5a361  
corporate/3.0/x86_64/lib64xml2-2.6.6-1.7.C30mdk.x86_64.rpm
 ca24eb598c9a3bedf53b8f74196f7bdf  
corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.7.C30mdk.x86_64.rpm
 8ca0989b8943c1a05e3a4a11392b0543  
corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.7.C30mdk.x86_64.rpm
 e5878e8e2e27db391ccb8a69e9321d84  
corporate/3.0/x86_64/libxml2-utils-2.6.6-1.7.C30mdk.x86_64.rpm 
 d5e6e7048b60eb9cca4c171158409e7b  
corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm
 a13bb44f2221d5de604c9500132b2e64  
corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm

 Corporate 4.0:
 412c4b51b880011a26ab4ed7c7ba45e5  
corporate/4.0/i586/libxml1-1.8.17-8.1.20060mlcs4.i586.rpm
 717ab09ebd147def3c413dfe116aad33  
corporate/4.0/i586/libxml1-devel-1.8.17-8.1.20060mlcs4.i586.rpm
 dfe231232039ab50f666264fb66c439e  
corporate/4.0/i586/libxml2-2.6.21-3.6.20060mlcs4.i586.rpm
 880e1bbcac9dd948c2dd90f220f85429  
corporate/4.0/i586/libxml2-devel-2.6.21-3.6.20060mlcs4.i586.rpm
 06b7ec5829b29c0cd072744e411b1740  
corporate/4.0/i586/libxml2-python-2.6.21-3.6.20060mlcs4.i586.rpm
 952e3eca8ee6b3fc86a79b92d4cfae0e  
corporate/4.0/i586/libxml2-utils-2.6.21-3.6.20060mlcs4.i586.rpm 
 3d76cf04c5867a8c6627d8df60ff0a3f  
corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm
 4d89f2fba99486313347f090290120ad  
corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 8c6409125fea5e84672f989ef5281c65  
corporate/4.0/x86_64/lib64xml1-1.8.17-8.1.20060mlcs4.x86_64.rpm
 b2cf7f0230514512c0ac42e808064bf8  
corporate/4.0/x86_64/lib64xml1-devel-1.8.17-8.1.20060mlcs4.x86_64.rpm
 e36877b3cfbe3b8b1f955c0114cadc65  
corporate/4.0/x86_64/lib64xml2-2.6.21-3.6.20060mlcs4.x86_64.rpm
 3ff20f0a038aa002aa1b20b50fb2cc45  
corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.6.20060mlcs4.x86_64.rpm
 bc6e87ea0b3e12cb13fb349b81e2558c  
corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.6.20060mlcs4.x86_64.rpm
 1796de87a058f06fa650a6e3d67f0faf  
corporate/4.0/x86_64/libxml2-utils-2.6.21-3.6.20060mlcs4.x86_64.rpm 
 3d76cf04c5867a8c6627d8df60ff0a3f  
corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm
 4d89f2fba99486313347f090290120ad  
corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 f269a0a57f5347fd9293f0b194f61dbc  mes5/i586/libxml1-1.8.17-14.1mdvmes5.i586.rpm
 8631d0318ad49d6b7245f9f9e77145e9  
mes5/i586/libxml1-devel-1.8.17-14.1mdvmes5.i586.rpm
 d0be142d69350afacf40232d812298dd  mes5/i586/libxml2_2-2.7.1-1.4mdvmes5.i586.rpm
 a36d6df6a51cba73a66a3a4b3587b598  
mes5/i586/libxml2-devel-2.7.1-1.4mdvmes5.i586.rpm
 96b792dec7704086e169a7ecf1896bcd  
mes5/i586/libxml2-python-2.7.1-1.4mdvmes5.i586.rpm
 29084105c1871c37ffa7d161215e046d  
mes5/i586/libxml2-utils-2.7.1-1.4mdvmes5.i586.rpm 
 51a4bd39e933d1730c0526b7137a09a1  mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm
 2db7556af99cb87fe9a79b9c39d79078  mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 15c32f4df8da09c7934e4e48c0acac81  
mes5/x86_64/lib64xml1-1.8.17-14.1mdvmes5.x86_64.rpm
 f9e8709a1c2583f0fb05bc67cf46984b  
mes5/x86_64/lib64xml1-devel-1.8.17-14.1mdvmes5.x86_64.rpm
 a76619fd6f4265fcee97c5edd6d297f1  
mes5/x86_64/lib64xml2_2-2.7.1-1.4mdvmes5.x86_64.rpm
 a423f559e1d3cf1b47e423cda3f1ce11  
mes5/x86_64/lib64xml2-devel-2.7.1-1.4mdvmes5.x86_64.rpm
 531581c91ad257314b1e79f267c9ed4d  
mes5/x86_64/libxml2-python-2.7.1-1.4mdvmes5.x86_64.rpm
 1ec223693612986097c0680e636d3b97  
mes5/x86_64/libxml2-utils-2.7.1-1.4mdvmes5.x86_64.rpm 
 51a4bd39e933d1730c0526b7137a09a1  mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm
 2db7556af99cb87fe9a79b9c39d79078  mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKgqawmqjQ0CJFipgRAm1xAJ9Wo3Q3XMebdp9VpjzOyNUvcdrawQCgzqtC
ccwi7/SlR5v5jRK/Vs3QEFo=
=SpMF
-----END PGP SIGNATURE-----