[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JDUoP-0007ib-59@artemis.annvix.ca>
Date: Fri, 11 Jan 2008 18:05:25 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:010 ] - Updated libxml2 packages fix
DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:010
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : January 11, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A denial of service flaw was discovered by the Google Security Team
in the way libxml2 processes malformed XML content. This flaw could
cause the application to stop responding.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
77dacb3f7ceed6b154d13b2230993f6a 2007.0/i586/libxml2-2.6.26-2.1mdv2007.0.i586.rpm
b65bd8c95b4cb202ad9c6ee0b0bd240a 2007.0/i586/libxml2-devel-2.6.26-2.1mdv2007.0.i586.rpm
783aa1a2d3e7e8f7e1d97a656606e1c0 2007.0/i586/libxml2-python-2.6.26-2.1mdv2007.0.i586.rpm
fc8a74a258531db13fa948d95f4c2b0f 2007.0/i586/libxml2-utils-2.6.26-2.1mdv2007.0.i586.rpm
213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
39239bd612197276042a12756b12f25a 2007.0/x86_64/lib64xml2-2.6.26-2.1mdv2007.0.x86_64.rpm
8559d17572b7ecf59c322fd5e24a32ac 2007.0/x86_64/lib64xml2-devel-2.6.26-2.1mdv2007.0.x86_64.rpm
9be60ad740a273022ba6f0ac63242d4e 2007.0/x86_64/lib64xml2-python-2.6.26-2.1mdv2007.0.x86_64.rpm
6d455daad1c6043033535790f6891a03 2007.0/x86_64/libxml2-utils-2.6.26-2.1mdv2007.0.x86_64.rpm
213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
39a6f6fd2ebed09f57fb448d5608254d 2007.1/i586/libxml2-2.6.27-3.1mdv2007.1.i586.rpm
85dd4f3000b2d7a1b3ec6d7c0a839481 2007.1/i586/libxml2-devel-2.6.27-3.1mdv2007.1.i586.rpm
04d59c5ceb87225b3da6b31a76c6e5a2 2007.1/i586/libxml2-python-2.6.27-3.1mdv2007.1.i586.rpm
87814c987e3c1f58c722a3ea3a8e310c 2007.1/i586/libxml2-utils-2.6.27-3.1mdv2007.1.i586.rpm
fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
fe616f34b82ffd18e15e34c33efbac7a 2007.1/x86_64/lib64xml2-2.6.27-3.1mdv2007.1.x86_64.rpm
77b4273b2b847dc93430288b313effe1 2007.1/x86_64/lib64xml2-devel-2.6.27-3.1mdv2007.1.x86_64.rpm
7256a9e600ba1ccffe8263b7ca79ca9f 2007.1/x86_64/lib64xml2-python-2.6.27-3.1mdv2007.1.x86_64.rpm
ba8ef3136d30fc8df4ab560eb6ed8d07 2007.1/x86_64/libxml2-utils-2.6.27-3.1mdv2007.1.x86_64.rpm
fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
3c20ada83e676e7746b79f1a31727dbc 2008.0/i586/libxml2-devel-2.6.30-1.1mdv2008.0.i586.rpm
6d48ec5ab06b9c9da52f09ac30dc9c80 2008.0/i586/libxml2-python-2.6.30-1.1mdv2008.0.i586.rpm
ab3b8931c36ab441c50bd807c7c1f178 2008.0/i586/libxml2-utils-2.6.30-1.1mdv2008.0.i586.rpm
e830e8a3ff3be74baca3b6d6e08048db 2008.0/i586/libxml2_2-2.6.30-1.1mdv2008.0.i586.rpm
95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
b906a3f182b4c263e6866469b7830d37 2008.0/x86_64/lib64xml2-devel-2.6.30-1.1mdv2008.0.x86_64.rpm
938706227bb990215af729038959499e 2008.0/x86_64/lib64xml2_2-2.6.30-1.1mdv2008.0.x86_64.rpm
dc73b6975441524b039e168e471d4a4a 2008.0/x86_64/libxml2-python-2.6.30-1.1mdv2008.0.x86_64.rpm
0388308a1a1bc7286112023204048c30 2008.0/x86_64/libxml2-utils-2.6.30-1.1mdv2008.0.x86_64.rpm
95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm
Corporate 3.0:
0922b67b2e1f8731f72e4ca3b5585d92 corporate/3.0/i586/libxml2-2.6.6-1.2.C30mdk.i586.rpm
dda560864d31455db52e8f00dc2aa43f corporate/3.0/i586/libxml2-devel-2.6.6-1.2.C30mdk.i586.rpm
e6f5fd59e95a74c09cdd57deed498c9a corporate/3.0/i586/libxml2-python-2.6.6-1.2.C30mdk.i586.rpm
7dac1af99fa5eda79e8b9d471d86c55d corporate/3.0/i586/libxml2-utils-2.6.6-1.2.C30mdk.i586.rpm
56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
186a08bf1f0110bfaa5bd884934b2fac corporate/3.0/x86_64/lib64xml2-2.6.6-1.2.C30mdk.x86_64.rpm
05cf4c50a781c706c020854971160934 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.2.C30mdk.x86_64.rpm
b636186a1473f4a45fecc396e9cd5be4 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.2.C30mdk.x86_64.rpm
ba733e52ff5a7bf0662d6ad4cf4f4db5 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.2.C30mdk.x86_64.rpm
56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm
Corporate 4.0:
a9dfe938313ea3d1a8d7eabe81109e82 corporate/4.0/i586/libxml2-2.6.21-3.1.20060mlcs4.i586.rpm
81242f717837d167804a74c133aca257 corporate/4.0/i586/libxml2-devel-2.6.21-3.1.20060mlcs4.i586.rpm
4f72201469336da9fba2b2a2237f454d corporate/4.0/i586/libxml2-python-2.6.21-3.1.20060mlcs4.i586.rpm
b50e445cab3dfb2eef5d6870fcb0e389 corporate/4.0/i586/libxml2-utils-2.6.21-3.1.20060mlcs4.i586.rpm
b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
1e842a7e72843912858d308ae9d1e15b corporate/4.0/x86_64/lib64xml2-2.6.21-3.1.20060mlcs4.x86_64.rpm
d129d0911beee47ebfc84d635825c907 corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.1.20060mlcs4.x86_64.rpm
6e74fb611a915fe3ee14e4425257e1e8 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.1.20060mlcs4.x86_64.rpm
cafcc6d6ccbe9fb2ea58051de8261d2d corporate/4.0/x86_64/libxml2-utils-2.6.21-3.1.20060mlcs4.x86_64.rpm
b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHh+bFmqjQ0CJFipgRArjjAKDLhZbdha52orVNoyDU7FdnBVJHPwCgkYJa
kwbUo0ByhybOZevM9pHc078=
=CeNP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists