lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PY1gn-0006ZX-5T@titan.mandriva.com>
Date: Wed, 29 Dec 2010 20:28:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:260 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:260
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : December 29, 2010
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in libxml2:
 
 A double free vulnerability in libxml2 (xpath.c) allows remote
 attackers to cause a denial of service or possibly have unspecified
 other impact via vectors related to XPath handling (CVE-2010-4494).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 96c73cd0275bf62c4f55f8b3ced65276  2009.0/i586/libxml2_2-2.7.1-1.6mdv2009.0.i586.rpm
 d18337679504219933df364ff99654d1  2009.0/i586/libxml2-devel-2.7.1-1.6mdv2009.0.i586.rpm
 0b19bed229abf10f37a0c8e53a78a17c  2009.0/i586/libxml2-python-2.7.1-1.6mdv2009.0.i586.rpm
 6bf08a04ea7043f45701995a28a37e59  2009.0/i586/libxml2-utils-2.7.1-1.6mdv2009.0.i586.rpm 
 a025dd5329b18e0709d9085069345792  2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 c024c8111a6d49dd066f770e70985f0f  2009.0/x86_64/lib64xml2_2-2.7.1-1.6mdv2009.0.x86_64.rpm
 b97952e8024f2de6a527170169d78950  2009.0/x86_64/lib64xml2-devel-2.7.1-1.6mdv2009.0.x86_64.rpm
 f9b44c5075667a92b63efbc37c3ab6d9  2009.0/x86_64/libxml2-python-2.7.1-1.6mdv2009.0.x86_64.rpm
 307af2c16cc1f8e2a8f33add4d9359e8  2009.0/x86_64/libxml2-utils-2.7.1-1.6mdv2009.0.x86_64.rpm 
 a025dd5329b18e0709d9085069345792  2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 fb23076b91a89a6c30dfe0a13c60a3a0  2010.0/i586/libxml2_2-2.7.6-1.2mdv2010.0.i586.rpm
 2cfe197a520d50b7a4aacbe69e34d992  2010.0/i586/libxml2-devel-2.7.6-1.2mdv2010.0.i586.rpm
 11a27a4fbe756782839fc251a03d03c9  2010.0/i586/libxml2-python-2.7.6-1.2mdv2010.0.i586.rpm
 d63bf5a32e469c7c85ba8a0b32821375  2010.0/i586/libxml2-utils-2.7.6-1.2mdv2010.0.i586.rpm 
 86fe4255945ee8127d5a0377e8ac031f  2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 6428ceadebd4b6244caef22abcb52364  2010.0/x86_64/lib64xml2_2-2.7.6-1.2mdv2010.0.x86_64.rpm
 7ca4a16224eb8cf414923d9364d12c2f  2010.0/x86_64/lib64xml2-devel-2.7.6-1.2mdv2010.0.x86_64.rpm
 381825a5af36865bb160ceccde4836b2  2010.0/x86_64/libxml2-python-2.7.6-1.2mdv2010.0.x86_64.rpm
 bb58d3474eb59b21e98828bc2b430dfa  2010.0/x86_64/libxml2-utils-2.7.6-1.2mdv2010.0.x86_64.rpm 
 86fe4255945ee8127d5a0377e8ac031f  2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 c250b5329744ededca54f1698b36db45  2010.1/i586/libxml2_2-2.7.7-1.2mdv2010.2.i586.rpm
 646db4be689674625e8b834c4cb349bb  2010.1/i586/libxml2-devel-2.7.7-1.2mdv2010.2.i586.rpm
 a47f416a65258e3988865a69a36c0aa2  2010.1/i586/libxml2-python-2.7.7-1.2mdv2010.2.i586.rpm
 e9c0561f1d270470b2219fe2684f67a3  2010.1/i586/libxml2-utils-2.7.7-1.2mdv2010.2.i586.rpm 
 de403379ceefc94700f79c5b7b6600de  2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 e95524d4092ef122d8e5af7dfba01738  2010.1/x86_64/lib64xml2_2-2.7.7-1.2mdv2010.2.x86_64.rpm
 0616718db2f04e2a11af911cd2dad430  2010.1/x86_64/lib64xml2-devel-2.7.7-1.2mdv2010.2.x86_64.rpm
 425b3c53f5b41b489c7c9a60eb999635  2010.1/x86_64/libxml2-python-2.7.7-1.2mdv2010.2.x86_64.rpm
 da99f4986439660369d6f7856b65adaa  2010.1/x86_64/libxml2-utils-2.7.7-1.2mdv2010.2.x86_64.rpm 
 de403379ceefc94700f79c5b7b6600de  2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 ffc17c14de2a11a726f25267d5f37206  mes5/i586/libxml2_2-2.7.1-1.6mdvmes5.1.i586.rpm
 df1dfe80537b71b903a8b9f0978722e6  mes5/i586/libxml2-devel-2.7.1-1.6mdvmes5.1.i586.rpm
 fe58d1dbf99b24a773bc444749473574  mes5/i586/libxml2-python-2.7.1-1.6mdvmes5.1.i586.rpm
 2d2205080bdf5d55534c91354f29f1b5  mes5/i586/libxml2-utils-2.7.1-1.6mdvmes5.1.i586.rpm 
 1eb0c0b6d274bd49a0209388fd25f2e1  mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 0f6ec86023a30d2ac2314b8fc79bf431  mes5/x86_64/lib64xml2_2-2.7.1-1.6mdvmes5.1.x86_64.rpm
 9cfac03d539b97a255e27e2038f607a9  mes5/x86_64/lib64xml2-devel-2.7.1-1.6mdvmes5.1.x86_64.rpm
 b44f5a18eba059dc3ed2ece4af0e604e  mes5/x86_64/libxml2-python-2.7.1-1.6mdvmes5.1.x86_64.rpm
 7f3c07d27e2b8fa08674f16b0b5e64ee  mes5/x86_64/libxml2-utils-2.7.1-1.6mdvmes5.1.x86_64.rpm 
 1eb0c0b6d274bd49a0209388fd25f2e1  mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNG1vlmqjQ0CJFipgRAk8hAJ4wwNOcgIDPvZpECml6UDoJAh7FbACgu/e5
KLbVXnunIbjMTSm3GPo/LxQ=
=xSaB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ