lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KY4ZB-0000wi-53@titan.mandriva.com>
Date: Tue, 26 Aug 2008 13:51:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:180-1 ] libxml2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2008:180-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : August 26, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Andreas Solberg found a denial of service flaw in how libxml2 processed
 certain content.  If an application linked against libxml2 processed
 such malformed XML content, it could cause the application to stop
 responding (CVE-2008-3281).

 Update:

 The original fix used to correct this issue caused some applications
 that used the libxml2 library to crash.  These new updated packages
 use a different fix that does not cause certain linked applications
 to crash as the old packages did.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 0e7e7f12391a30bcad97148156c4021e  2007.1/i586/libxml2-2.6.27-3.3mdv2007.1.i586.rpm
 0b5ac70ca6d0c4629b55f22de5b4cfe1  2007.1/i586/libxml2-devel-2.6.27-3.3mdv2007.1.i586.rpm
 7f0f963039543e0c355ed6bc265b892d  2007.1/i586/libxml2-python-2.6.27-3.3mdv2007.1.i586.rpm
 f838395420a606ff99506083d7724446  2007.1/i586/libxml2-utils-2.6.27-3.3mdv2007.1.i586.rpm 
 13c600c7dc6b122382e4954dd6f860d9  2007.1/SRPMS/libxml2-2.6.27-3.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 d870241070ef7910492520f3d82e7ac4  2007.1/x86_64/lib64xml2-2.6.27-3.3mdv2007.1.x86_64.rpm
 a80401388080f9edfe7c18cb5e7546a4  2007.1/x86_64/lib64xml2-devel-2.6.27-3.3mdv2007.1.x86_64.rpm
 74a8562ab17245e69d2aedc7caee0cbe  2007.1/x86_64/lib64xml2-python-2.6.27-3.3mdv2007.1.x86_64.rpm
 bc2205dbc15c0a79823bc194ec44239b  2007.1/x86_64/libxml2-utils-2.6.27-3.3mdv2007.1.x86_64.rpm 
 13c600c7dc6b122382e4954dd6f860d9  2007.1/SRPMS/libxml2-2.6.27-3.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 74c2de7a4de03821464265c2fa92ff31  2008.0/i586/libxml2_2-2.6.30-1.3mdv2008.0.i586.rpm
 d65194af9740f35526643d57a17cfe09  2008.0/i586/libxml2-devel-2.6.30-1.3mdv2008.0.i586.rpm
 74be68dc85fbced68366d4d98dd892fe  2008.0/i586/libxml2-python-2.6.30-1.3mdv2008.0.i586.rpm
 5f0bcfb876ab3f3dd2f6a77445c69c32  2008.0/i586/libxml2-utils-2.6.30-1.3mdv2008.0.i586.rpm 
 f01b8b581b2f7169d1fda3b981fbeb47  2008.0/SRPMS/libxml2-2.6.30-1.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5d8132763cbdf5d4413b8745a72861d0  2008.0/x86_64/lib64xml2_2-2.6.30-1.3mdv2008.0.x86_64.rpm
 28403f0cdb42beb96ea462da49eb2acf  2008.0/x86_64/lib64xml2-devel-2.6.30-1.3mdv2008.0.x86_64.rpm
 efe6ca94eed2d71ef250fca9debe9398  2008.0/x86_64/libxml2-python-2.6.30-1.3mdv2008.0.x86_64.rpm
 5aab5928d06cb2c83062ffe8ee735c32  2008.0/x86_64/libxml2-utils-2.6.30-1.3mdv2008.0.x86_64.rpm 
 f01b8b581b2f7169d1fda3b981fbeb47  2008.0/SRPMS/libxml2-2.6.30-1.3mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 293f299a02310a9983b10af19feff376  2008.1/i586/libxml2_2-2.6.31-1.2mdv2008.1.i586.rpm
 80f545767f13d8fd4932dacacee20a33  2008.1/i586/libxml2-devel-2.6.31-1.2mdv2008.1.i586.rpm
 454e8ddd1c1992d246c79c753b8223ee  2008.1/i586/libxml2-python-2.6.31-1.2mdv2008.1.i586.rpm
 1c6c58c30f702a2bb0728ebe0e1b6419  2008.1/i586/libxml2-utils-2.6.31-1.2mdv2008.1.i586.rpm 
 83b3d77f4c2670c122dac49be9f881ad  2008.1/SRPMS/libxml2-2.6.31-1.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 6ae456ff0cbb8807b3e4410f125a3d13  2008.1/x86_64/lib64xml2_2-2.6.31-1.2mdv2008.1.x86_64.rpm
 a34fa905949d6e6a7a075b1973972969  2008.1/x86_64/lib64xml2-devel-2.6.31-1.2mdv2008.1.x86_64.rpm
 f5c0f33902c572af1e410d05132c48d5  2008.1/x86_64/libxml2-python-2.6.31-1.2mdv2008.1.x86_64.rpm
 e77f3c3294711f26776aab859f4766e8  2008.1/x86_64/libxml2-utils-2.6.31-1.2mdv2008.1.x86_64.rpm 
 83b3d77f4c2670c122dac49be9f881ad  2008.1/SRPMS/libxml2-2.6.31-1.2mdv2008.1.src.rpm

 Corporate 3.0:
 7d5936c9d0511ed95f6fcf08a5294cfe  corporate/3.0/i586/libxml2-2.6.6-1.4.C30mdk.i586.rpm
 f28230a8224650d5b39bd58d3f4622b1  corporate/3.0/i586/libxml2-devel-2.6.6-1.4.C30mdk.i586.rpm
 843c80943883b90d12ad32cda2d83326  corporate/3.0/i586/libxml2-python-2.6.6-1.4.C30mdk.i586.rpm
 3bc2ec50ad15487d061dafd6d9f531c3  corporate/3.0/i586/libxml2-utils-2.6.6-1.4.C30mdk.i586.rpm 
 92810ebaa102c5cb0ff668c71618324f  corporate/3.0/SRPMS/libxml2-2.6.6-1.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 071e045bc41c2ef21a9f84fbc370b0ad  corporate/3.0/x86_64/lib64xml2-2.6.6-1.4.C30mdk.x86_64.rpm
 8acdbcbd8e6e627da9ef9f5cbc8f4376  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.4.C30mdk.x86_64.rpm
 8d6996f11cfcb04f40f2683b4130c8ae  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.4.C30mdk.x86_64.rpm
 951f1f1e387b5e7532692bd8995ceb6b  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.4.C30mdk.x86_64.rpm 
 92810ebaa102c5cb0ff668c71618324f  corporate/3.0/SRPMS/libxml2-2.6.6-1.4.C30mdk.src.rpm

 Corporate 4.0:
 a567e8e1be2bac04e0d195a664b6d19e  corporate/4.0/i586/libxml2-2.6.21-3.3.20060mlcs4.i586.rpm
 22166fa3ef87d411aaecc65b91865b16  corporate/4.0/i586/libxml2-devel-2.6.21-3.3.20060mlcs4.i586.rpm
 528badeb9e54049b50bba71340e3d746  corporate/4.0/i586/libxml2-python-2.6.21-3.3.20060mlcs4.i586.rpm
 0f2112cd522c42c0a0f37e650c73f5fe  corporate/4.0/i586/libxml2-utils-2.6.21-3.3.20060mlcs4.i586.rpm 
 635d80e411a9879305e3680d8ae580e2  corporate/4.0/SRPMS/libxml2-2.6.21-3.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 5ce85e1e45a61879aae403d14f1855c9  corporate/4.0/x86_64/lib64xml2-2.6.21-3.3.20060mlcs4.x86_64.rpm
 7f62f9b30269146108dcbdb6739bcfcf  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.3.20060mlcs4.x86_64.rpm
 0d036dfba5b6f6b3808da1990c81a052  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.3.20060mlcs4.x86_64.rpm
 a14d4aece647e7cec6b6c908d6c2ac90  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.3.20060mlcs4.x86_64.rpm 
 635d80e411a9879305e3680d8ae580e2  corporate/4.0/SRPMS/libxml2-2.6.21-3.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFItC/5mqjQ0CJFipgRAlesAKDq85G8chg50h+EYLX2LK+MbloC0ACg41N/
fJXUFBHHfBMi906u+AYxz9A=
=FsWf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ