Message-Id: <E1PN7OS-0000yW-T2@titan.mandriva.com>
Date: Mon, 29 Nov 2010 18:20:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:243 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:243
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : November 29, 2010
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in libxml2:
 
 libxml2 before 2.7.8 reads from invalid memory locations
 during processing of malformed XPath expressions, which allows
 context-dependent attackers to cause a denial of service (application
 crash) via a crafted XML document (CVE-2010-4008).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM87BcmqjQ0CJFipgRAhtLAKDShPCQ/Gsm7qBzvcTZaIdAyTL0wQCfc7vl
ViUDiKySUb6P7eFnOzt8Eg8=
=8Sf0
-----END PGP SIGNATURE-----
