[Security Announce] [ MDVSA-2008:231 ] libxml2

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:231

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : libxml2
Date : November 18, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

Drew Yaro of the Apple Product Security Team found two flaws in
libxml2. The first is a denial of service flaw in libxml2's XML
parser. If an application linked against libxml2 were to process
certain malformed XML content, it could cause the application to
enter an infinite loop (CVE-2008-4225).

The second is an integer overflow that caused a heap-based buffer
overflow in libxml2's XML parser. If an application linked against
libxml2 were to process certain malformed XML content, it could
cause the application to crash or possibly execute arbitrary code
(CVE-2008-4226).

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

71a9b4c8f5248b988ca008c213196640 2008.0/i586/libxml2_2-2.6.30-1.5mdv2008.0.i586.rpm

163076d3b60d4bf08174d0a270588021 2008.0/i586/libxml2-devel-2.6.30-1.5mdv2008.0.i586.rpm

7b25013141a60bb5d858f5df395fa0bf 2008.0/i586/libxml2-python-2.6.30-1.5mdv2008.0.i586.rpm

db1cd5648e65f1d0f91c17e5ea2eec03 2008.0/i586/libxml2-utils-2.6.30-1.5mdv2008.0.i586.rpm

7c3f9222ad55cfa0fb31817f32eb4985 2008.0/SRPMS/libxml2-2.6.30-1.5mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

67b39168175be18091dfb82cb024e513 2008.0/x86_64/lib64xml2_2-2.6.30-1.5mdv2008.0.x86_64.rpm

c1240bde112946c6bd76cd70b949ad11 2008.0/x86_64/lib64xml2-devel-2.6.30-1.5mdv2008.0.x86_64.rpm

df89b0508f0c0767c13e66af3d1c2036 2008.0/x86_64/libxml2-python-2.6.30-1.5mdv2008.0.x86_64.rpm

fd8ba653d5ed001e6b2e1240576087e4 2008.0/x86_64/libxml2-utils-2.6.30-1.5mdv2008.0.x86_64.rpm

7c3f9222ad55cfa0fb31817f32eb4985 2008.0/SRPMS/libxml2-2.6.30-1.5mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

d1d556acfd6359e7b0744f5031debc4e 2008.1/i586/libxml2_2-2.6.31-1.4mdv2008.1.i586.rpm

151a4fa3c3157fe5e1454bf731f6127e 2008.1/i586/libxml2-devel-2.6.31-1.4mdv2008.1.i586.rpm

b751e039a46257e84f2e4fe4c3317073 2008.1/i586/libxml2-python-2.6.31-1.4mdv2008.1.i586.rpm

718b49035deee4c364a6f57fee63e56f 2008.1/i586/libxml2-utils-2.6.31-1.4mdv2008.1.i586.rpm

42f39fe32cffebaf6131084eca88078e 2008.1/SRPMS/libxml2-2.6.31-1.4mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

a094032ece09aeaa09a3f2df2e6456a7 2008.1/x86_64/lib64xml2_2-2.6.31-1.4mdv2008.1.x86_64.rpm

072e110afb79c6c30c75c575cdd1f5a6 2008.1/x86_64/lib64xml2-devel-2.6.31-1.4mdv2008.1.x86_64.rpm

ef29f5cea22893d86c6a931314da13e3 2008.1/x86_64/libxml2-python-2.6.31-1.4mdv2008.1.x86_64.rpm

418799ac3809b5a5f669934aa239785a 2008.1/x86_64/libxml2-utils-2.6.31-1.4mdv2008.1.x86_64.rpm

42f39fe32cffebaf6131084eca88078e 2008.1/SRPMS/libxml2-2.6.31-1.4mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

83880aaa23cb8733fe8f22994eb60307 2009.0/i586/libxml2_2-2.7.1-1.2mdv2009.0.i586.rpm

2e0bef0124aa53ad92db2d0d405482d8 2009.0/i586/libxml2-devel-2.7.1-1.2mdv2009.0.i586.rpm

7e876ac1082e4bae1636d5c14191523a 2009.0/i586/libxml2-python-2.7.1-1.2mdv2009.0.i586.rpm

a59ed2ad792a6abb3f39e35f27c79e02 2009.0/i586/libxml2-utils-2.7.1-1.2mdv2009.0.i586.rpm

a559631e1c75f2f970a22afe32f5e5bd 2009.0/SRPMS/libxml2-2.7.1-1.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

feabb6613a0f1d0df75c4a57ed000494 2009.0/x86_64/lib64xml2_2-2.7.1-1.2mdv2009.0.x86_64.rpm

43e173c2b5214d139e802674e4bc1fd1 2009.0/x86_64/lib64xml2-devel-2.7.1-1.2mdv2009.0.x86_64.rpm

ecdb43a0277011f31d1bd228f1df080f 2009.0/x86_64/libxml2-python-2.7.1-1.2mdv2009.0.x86_64.rpm

c7dc1480b3db4b0f10bc41061e9ca513 2009.0/x86_64/libxml2-utils-2.7.1-1.2mdv2009.0.x86_64.rpm

a559631e1c75f2f970a22afe32f5e5bd 2009.0/SRPMS/libxml2-2.7.1-1.2mdv2009.0.src.rpm

 

Corporate 3.0:

974d88697726c14617528f4ed84c5608 corporate/3.0/i586/libxml2-2.6.6-1.6.C30mdk.i586.rpm

72f9e2fc81d89796c13300fefea98e99 corporate/3.0/i586/libxml2-devel-2.6.6-1.6.C30mdk.i586.rpm

e5c6a6f29343d80767524408dd102862 corporate/3.0/i586/libxml2-python-2.6.6-1.6.C30mdk.i586.rpm

72a18b737d538e2d230f08aca82b5c5e corporate/3.0/i586/libxml2-utils-2.6.6-1.6.C30mdk.i586.rpm

8f6860070e152e5edaac7bfa86fc875f corporate/3.0/SRPMS/libxml2-2.6.6-1.6.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

98b4b68e8aa4ce9a3e2060118153f439 corporate/3.0/x86_64/lib64xml2-2.6.6-1.6.C30mdk.x86_64.rpm

33e2c8678bab516a5d48a6973e7b1cfe corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.6.C30mdk.x86_64.rpm

92eddeb37ff21bec085e6f54e44c88dd corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.6.C30mdk.x86_64.rpm

1138b99907d100b83cdfffcfce35be4b corporate/3.0/x86_64/libxml2-utils-2.6.6-1.6.C30mdk.x86_64.rpm

8f6860070e152e5edaac7bfa86fc875f corporate/3.0/SRPMS/libxml2-2.6.6-1.6.C30mdk.src.rpm

 

Corporate 4.0:

60ec0660197f4aff533b41baa28bcf75 corporate/4.0/i586/libxml2-2.6.21-3.5.20060mlcs4.i586.rpm

9b081c51f489920a806e1f220ec84093 corporate/4.0/i586/libxml2-devel-2.6.21-3.5.20060mlcs4.i586.rpm

9170a2fc6453bb760a189a0ef43eea8b corporate/4.0/i586/libxml2-python-2.6.21-3.5.20060mlcs4.i586.rpm

f29d2ee1dc29c74afad720b82d07d632 corporate/4.0/i586/libxml2-utils-2.6.21-3.5.20060mlcs4.i586.rpm

574023fc66ddd864ba92102e82072f70 corporate/4.0/SRPMS/libxml2-2.6.21-3.5.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

76e14470992b30d82531480c8bdefe80 corporate/4.0/x86_64/lib64xml2-2.6.21-3.5.20060mlcs4.x86_64.rpm

e03fef73317cee0661edcf9d3bcf2b00 corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.5.20060mlcs4.x86_64.rpm

b245be7c27e1d4a6631e9de44a716ddd corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.5.20060mlcs4.x86_64.rpm

5c3e8747a73062af824d70b83818e45a corporate/4.0/x86_64/libxml2-utils-2.6.21-3.5.20060mlcs4.x86_64.rpm

574023fc66ddd864ba92102e82072f70 corporate/4.0/SRPMS/libxml2-2.6.21-3.5.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team
