[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PY1gn-0006ZX-5T@titan.mandriva.com>
Date: Wed, 29 Dec 2010 20:28:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:260 ] libxml2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:260
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : December 29, 2010
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in libxml2:
A double free vulnerability in libxml2 (xpath.c) allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to XPath handling (CVE-2010-4494).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
96c73cd0275bf62c4f55f8b3ced65276 2009.0/i586/libxml2_2-2.7.1-1.6mdv2009.0.i586.rpm
d18337679504219933df364ff99654d1 2009.0/i586/libxml2-devel-2.7.1-1.6mdv2009.0.i586.rpm
0b19bed229abf10f37a0c8e53a78a17c 2009.0/i586/libxml2-python-2.7.1-1.6mdv2009.0.i586.rpm
6bf08a04ea7043f45701995a28a37e59 2009.0/i586/libxml2-utils-2.7.1-1.6mdv2009.0.i586.rpm
a025dd5329b18e0709d9085069345792 2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
c024c8111a6d49dd066f770e70985f0f 2009.0/x86_64/lib64xml2_2-2.7.1-1.6mdv2009.0.x86_64.rpm
b97952e8024f2de6a527170169d78950 2009.0/x86_64/lib64xml2-devel-2.7.1-1.6mdv2009.0.x86_64.rpm
f9b44c5075667a92b63efbc37c3ab6d9 2009.0/x86_64/libxml2-python-2.7.1-1.6mdv2009.0.x86_64.rpm
307af2c16cc1f8e2a8f33add4d9359e8 2009.0/x86_64/libxml2-utils-2.7.1-1.6mdv2009.0.x86_64.rpm
a025dd5329b18e0709d9085069345792 2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm
Mandriva Linux 2010.0:
fb23076b91a89a6c30dfe0a13c60a3a0 2010.0/i586/libxml2_2-2.7.6-1.2mdv2010.0.i586.rpm
2cfe197a520d50b7a4aacbe69e34d992 2010.0/i586/libxml2-devel-2.7.6-1.2mdv2010.0.i586.rpm
11a27a4fbe756782839fc251a03d03c9 2010.0/i586/libxml2-python-2.7.6-1.2mdv2010.0.i586.rpm
d63bf5a32e469c7c85ba8a0b32821375 2010.0/i586/libxml2-utils-2.7.6-1.2mdv2010.0.i586.rpm
86fe4255945ee8127d5a0377e8ac031f 2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
6428ceadebd4b6244caef22abcb52364 2010.0/x86_64/lib64xml2_2-2.7.6-1.2mdv2010.0.x86_64.rpm
7ca4a16224eb8cf414923d9364d12c2f 2010.0/x86_64/lib64xml2-devel-2.7.6-1.2mdv2010.0.x86_64.rpm
381825a5af36865bb160ceccde4836b2 2010.0/x86_64/libxml2-python-2.7.6-1.2mdv2010.0.x86_64.rpm
bb58d3474eb59b21e98828bc2b430dfa 2010.0/x86_64/libxml2-utils-2.7.6-1.2mdv2010.0.x86_64.rpm
86fe4255945ee8127d5a0377e8ac031f 2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
c250b5329744ededca54f1698b36db45 2010.1/i586/libxml2_2-2.7.7-1.2mdv2010.2.i586.rpm
646db4be689674625e8b834c4cb349bb 2010.1/i586/libxml2-devel-2.7.7-1.2mdv2010.2.i586.rpm
a47f416a65258e3988865a69a36c0aa2 2010.1/i586/libxml2-python-2.7.7-1.2mdv2010.2.i586.rpm
e9c0561f1d270470b2219fe2684f67a3 2010.1/i586/libxml2-utils-2.7.7-1.2mdv2010.2.i586.rpm
de403379ceefc94700f79c5b7b6600de 2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
e95524d4092ef122d8e5af7dfba01738 2010.1/x86_64/lib64xml2_2-2.7.7-1.2mdv2010.2.x86_64.rpm
0616718db2f04e2a11af911cd2dad430 2010.1/x86_64/lib64xml2-devel-2.7.7-1.2mdv2010.2.x86_64.rpm
425b3c53f5b41b489c7c9a60eb999635 2010.1/x86_64/libxml2-python-2.7.7-1.2mdv2010.2.x86_64.rpm
da99f4986439660369d6f7856b65adaa 2010.1/x86_64/libxml2-utils-2.7.7-1.2mdv2010.2.x86_64.rpm
de403379ceefc94700f79c5b7b6600de 2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
ffc17c14de2a11a726f25267d5f37206 mes5/i586/libxml2_2-2.7.1-1.6mdvmes5.1.i586.rpm
df1dfe80537b71b903a8b9f0978722e6 mes5/i586/libxml2-devel-2.7.1-1.6mdvmes5.1.i586.rpm
fe58d1dbf99b24a773bc444749473574 mes5/i586/libxml2-python-2.7.1-1.6mdvmes5.1.i586.rpm
2d2205080bdf5d55534c91354f29f1b5 mes5/i586/libxml2-utils-2.7.1-1.6mdvmes5.1.i586.rpm
1eb0c0b6d274bd49a0209388fd25f2e1 mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
0f6ec86023a30d2ac2314b8fc79bf431 mes5/x86_64/lib64xml2_2-2.7.1-1.6mdvmes5.1.x86_64.rpm
9cfac03d539b97a255e27e2038f607a9 mes5/x86_64/lib64xml2-devel-2.7.1-1.6mdvmes5.1.x86_64.rpm
b44f5a18eba059dc3ed2ece4af0e604e mes5/x86_64/libxml2-python-2.7.1-1.6mdvmes5.1.x86_64.rpm
7f3c07d27e2b8fa08674f16b0b5e64ee mes5/x86_64/libxml2-utils-2.7.1-1.6mdvmes5.1.x86_64.rpm
1eb0c0b6d274bd49a0209388fd25f2e1 mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNG1vlmqjQ0CJFipgRAk8hAJ4wwNOcgIDPvZpECml6UDoJAh7FbACgu/e5
KLbVXnunIbjMTSm3GPo/LxQ=
=xSaB
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists