lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RCzSe-0006oZ-HX@titan.mandriva.com>
Date: Sun, 09 Oct 2011 21:55:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:145 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:145
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : October 9, 2011
 Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Double free vulnerabilities in libxml2 allows remote attackers to cause
 a denial of service or possibly have unspecified other impact via a
 crafted XPath expression and via vectors related to XPath handling
 (CVE-2011-2821, CVE-2011-2834).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 209b07b6de051ff5aec516f90d0422f4  2009.0/i586/libxml2_2-2.7.1-1.8mdv2009.0.i586.rpm
 79a2f6e4f012fdd417f379e0b0036d54  2009.0/i586/libxml2-devel-2.7.1-1.8mdv2009.0.i586.rpm
 cb0134183154b0014b08aad4b37ea73a  2009.0/i586/libxml2-python-2.7.1-1.8mdv2009.0.i586.rpm
 118448ed71392dd8c2684277b49e4b74  2009.0/i586/libxml2-utils-2.7.1-1.8mdv2009.0.i586.rpm 
 b684a79602cb5e1bbf368642d85f68fa  2009.0/SRPMS/libxml2-2.7.1-1.8mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 998b5bb8b7d018f03136b646e1b06fdb  2009.0/x86_64/lib64xml2_2-2.7.1-1.8mdv2009.0.x86_64.rpm
 b1df1cc7c73c6e8d5b3bc0d39f43fa8d  2009.0/x86_64/lib64xml2-devel-2.7.1-1.8mdv2009.0.x86_64.rpm
 b2e99d7897c1bd6263017f02e98623ae  2009.0/x86_64/libxml2-python-2.7.1-1.8mdv2009.0.x86_64.rpm
 b7dcd0efbe0280e34fe007e278932a77  2009.0/x86_64/libxml2-utils-2.7.1-1.8mdv2009.0.x86_64.rpm 
 b684a79602cb5e1bbf368642d85f68fa  2009.0/SRPMS/libxml2-2.7.1-1.8mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 b390da9668b76bcf7ffcc8a7bbb53cb5  2010.1/i586/libxml2_2-2.7.7-1.4mdv2010.2.i586.rpm
 be6fd2244124176aabf9f89b051f7542  2010.1/i586/libxml2-devel-2.7.7-1.4mdv2010.2.i586.rpm
 dceee4844d365d68c4fe84c69bdd45cc  2010.1/i586/libxml2-python-2.7.7-1.4mdv2010.2.i586.rpm
 0e45e718e4ef244cb3da314d7d5fe170  2010.1/i586/libxml2-utils-2.7.7-1.4mdv2010.2.i586.rpm 
 a1f749d4ef5dc23d760d2d8dc79b7e80  2010.1/SRPMS/libxml2-2.7.7-1.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 8e9c6a2893459d61c8987a4791838c7f  2010.1/x86_64/lib64xml2_2-2.7.7-1.4mdv2010.2.x86_64.rpm
 5a65bad0467ce6c6bccadedbd6ba7300  2010.1/x86_64/lib64xml2-devel-2.7.7-1.4mdv2010.2.x86_64.rpm
 4b4add103bd98bfb13d92a83bd69d232  2010.1/x86_64/libxml2-python-2.7.7-1.4mdv2010.2.x86_64.rpm
 67c5b1c6e287b153c521c125d7f4c40a  2010.1/x86_64/libxml2-utils-2.7.7-1.4mdv2010.2.x86_64.rpm 
 a1f749d4ef5dc23d760d2d8dc79b7e80  2010.1/SRPMS/libxml2-2.7.7-1.4mdv2010.2.src.rpm

 Mandriva Linux 2011:
 a06dd522b3cac6eb67be595b34edab80  2011/i586/libxml2_2-2.7.8-6.2-mdv2011.0.i586.rpm
 d5356190d0ca32bb10d7df3bf4b53626  2011/i586/libxml2-devel-2.7.8-6.2-mdv2011.0.i586.rpm
 c536fdef7c40640e2c22442ca17c2685  2011/i586/libxml2-python-2.7.8-6.2-mdv2011.0.i586.rpm
 d414c5f632c4fb9ccf8452269548c5d4  2011/i586/libxml2-utils-2.7.8-6.2-mdv2011.0.i586.rpm 
 cae1d275c88bbb8f2d4ea3bc62c15066  2011/SRPMS/libxml2-2.7.8-6.2.src.rpm

 Mandriva Linux 2011/X86_64:
 2335fd4f854387849e11cbb3a373f619  2011/x86_64/lib64xml2_2-2.7.8-6.2-mdv2011.0.x86_64.rpm
 64e6582b9f726f4eaa9a5d79f3277081  2011/x86_64/lib64xml2-devel-2.7.8-6.2-mdv2011.0.x86_64.rpm
 9d35412e2549537879ea108350d7a252  2011/x86_64/libxml2-python-2.7.8-6.2-mdv2011.0.x86_64.rpm
 8adc79ebc7ce22b78677467a64fd9074  2011/x86_64/libxml2-utils-2.7.8-6.2-mdv2011.0.x86_64.rpm 
 cae1d275c88bbb8f2d4ea3bc62c15066  2011/SRPMS/libxml2-2.7.8-6.2.src.rpm

 Mandriva Enterprise Server 5:
 dd45c34e2b9c3427a3e3322122918855  mes5/i586/libxml2_2-2.7.1-1.8mdvmes5.2.i586.rpm
 e1ec6cbbf6db0ac41b80591c5697b72d  mes5/i586/libxml2-devel-2.7.1-1.8mdvmes5.2.i586.rpm
 44c69acf5ea338eeb1c2a885cd6d990b  mes5/i586/libxml2-python-2.7.1-1.8mdvmes5.2.i586.rpm
 50f4aab7fe60e69a38f5da6b3989c636  mes5/i586/libxml2-utils-2.7.1-1.8mdvmes5.2.i586.rpm 
 bbcb0ee0595285d0195be0b433b01f51  mes5/SRPMS/libxml2-2.7.1-1.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 2f5601898b050b63c6bcc67859b371cc  mes5/x86_64/lib64xml2_2-2.7.1-1.8mdvmes5.2.x86_64.rpm
 88c3f00377c5bec85a213459cb88f0cd  mes5/x86_64/lib64xml2-devel-2.7.1-1.8mdvmes5.2.x86_64.rpm
 8ccdad600cdae46d594f5ca37b1bcd57  mes5/x86_64/libxml2-python-2.7.1-1.8mdvmes5.2.x86_64.rpm
 8ccf73d9975c8d88844af0230095e6eb  mes5/x86_64/libxml2-utils-2.7.1-1.8mdvmes5.2.x86_64.rpm 
 bbcb0ee0595285d0195be0b433b01f51  mes5/SRPMS/libxml2-2.7.1-1.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOkc1HmqjQ0CJFipgRAjvzAJ4722/SxBvXd4qHdzYjvXjyOggU9ACg7Klc
ZReJPcU+Y7vdYaWPNy9r0/w=
=DRnl
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ