Message-Id: <E1MbF2b-0000j9-NW@titan.mandriva.com>
Date: Wed, 12 Aug 2009 16:43:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:200 ] libxml
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:200
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml
Date : August 12, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been found and corrected in libxml:
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).
This update provides a solution to these vulnerabilities.
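The stack consumption issue (CVE-2009-2414) arises when a parser recurses once per nested group of an element declaration with no bound on depth. The C example below is added here for illustration; it is not libxml code and not part of the advisory. It walks a DTD content model recursively and refuses input past a limit; the function names and the limit of 128 are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_GROUP_DEPTH 128   /* assumed limit for this example */

/* Parse one parenthesised group, e.g. "(a,(b|c)*)"; *p points at '('.
 * Returns 0 on success, -1 if unbalanced, -2 if nested too deeply. */
static int parse_group(const char **p, int depth, int *max_seen)
{
    if (depth > MAX_GROUP_DEPTH)
        return -2;             /* stop before the stack grows further */
    if (depth > *max_seen)
        *max_seen = depth;
    (*p)++;                    /* consume '(' */
    while (**p != '\0' && **p != ')') {
        if (**p == '(') {
            int rc = parse_group(p, depth + 1, max_seen);
            if (rc != 0)
                return rc;     /* propagate the failure to the caller */
        } else {
            (*p)++;            /* names, separators, occurrence marks */
        }
    }
    if (**p != ')')
        return -1;
    (*p)++;                    /* consume ')' */
    return 0;
}

/* Nesting depth of a content model (0 for EMPTY/ANY), or -1 / -2. */
int content_model_depth(const char *model)
{
    const char *p = strchr(model, '(');
    int max_seen = 0, rc;
    if (p == NULL)
        return 0;
    rc = parse_group(&p, 1, &max_seen);
    return rc == 0 ? max_seen : rc;
}

/* Constructed input: n nested groups around a single name. */
int nested_model_depth(int n)
{
    static char buf[4096];
    if (n < 1 || 2 * n + 2 > (int)sizeof buf)
        return -1;
    memset(buf, '(', (size_t)n);
    buf[n] = 'a';
    memset(buf + n + 1, ')', (size_t)n);
    buf[2 * n + 1] = '\0';
    return content_model_depth(buf);
}
int main(void) { printf("%d\n", nested_model_depth(129)); return 0; }
```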
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKgqawmqjQ0CJFipgRAm1xAJ9Wo3Q3XMebdp9VpjzOyNUvcdrawQCgzqtC
ccwi7/SlR5v5jRK/Vs3QEFo=
=SpMF
-----END PGP SIGNATURE-----