[Full-disclosure] [ MDVSA-2009:200 ] libxml
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:200 ] libxml
- From: security@xxxxxxxxxxxx
- Date: Wed, 12 Aug 2009 16:43:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml
Date : August 12, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in libxml:

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).

This update provides a solution to these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKgqawmqjQ0CJFipgRAm1xAJ9Wo3Q3XMebdp9VpjzOyNUvcdrawQCgzqtC
ccwi7/SlR5v5jRK/Vs3QEFo=
=SpMF
-----END PGP SIGNATURE-----
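Added example (not part of the Mandriva advisory and not libxml code): CVE-2009-2414 above is stack exhaustion caused by recursion over deeply nested element declarations in a DTD. The C code below shows the general defence, a recursion-depth cap in a recursive-descent parser for a simplified children content model; MAX_CONTENT_DEPTH, the function names and the simplified grammar are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#define MAX_CONTENT_DEPTH 128  /* assumed cap, chosen for this example */
enum { CM_OK = 0, CM_SYNTAX = -1, CM_TOO_DEEP = -2 };

/* Parse one content particle: a name or a parenthesised group. Every nested
 * '(' costs one stack frame, so the depth cap bounds stack use however large
 * the input is. Simplified: no whitespace, ',' and '|' may mix in a group. */
static int parse_particle(const char **p, int depth) {
    if (**p == '(') {
        if (depth >= MAX_CONTENT_DEPTH) return CM_TOO_DEEP; /* refuse before recursing */
        (*p)++;
        for (;;) {
            int rc = parse_particle(p, depth + 1);
            if (rc != CM_OK) return rc;
            if (**p != ',' && **p != '|') break;
            (*p)++;
        }
        if (**p != ')') return CM_SYNTAX;
        (*p)++;
    } else {
        if (!isalpha((unsigned char)**p) && **p != '_') return CM_SYNTAX;
        while (isalnum((unsigned char)**p) || **p == '_' || **p == '-') (*p)++;
    }
    if (**p == '?' || **p == '*' || **p == '+') (*p)++; /* occurrence indicator */
    return CM_OK;
}

/* Validate a children content model such as "(a,(b|c)*,d?)". */
int check_content_model(const char *model) {
    const char *p = model;
    int rc = (*p == '(') ? parse_particle(&p, 0) : CM_SYNTAX;
    if (rc != CM_OK) return rc;
    return *p == '\0' ? CM_OK : CM_SYNTAX;
}

/* Build a constructed model with n nested groups, e.g. "((x))"; buf needs 2n+2 bytes. */
void build_nested(char *buf, size_t n) {
    size_t i;
    for (i = 0; i < n; i++) { buf[i] = '('; buf[n + 1 + i] = ')'; }
    buf[n] = 'x';
    buf[2 * n + 1] = '\0';
}

int main(void) {
    static char deep[200002];
    build_nested(deep, 100000); /* constructed over-deep input */
    printf("%d %d\n", check_content_model("(a,(b|c)*,d?)"), check_content_model(deep));
    return 0;
}
```

The over-deep input is rejected with CM_TOO_DEEP after at most MAX_CONTENT_DEPTH + 1 nested calls, instead of recursing once per opening parenthesis.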