lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Shf7J-0003Ed-Ew@titan.mandriva.com>
Date: Thu, 21 Jun 2012 13:00:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:098 ] libxml2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:098
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : June 21, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in libxml2:
 
 An Off-by-one error in libxml2 allows remote attackers to cause a
 denial of service (out-of-bounds write) or possibly have unspecified
 other impact via unknown vectors (CVE-2011-3102).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 c0461d223d25e8a2857c64953b2b4bbb  2010.1/i586/libxml2_2-2.7.7-1.8mdv2010.2.i586.rpm
 7706b1ef1bf98997275d907f00115d40  2010.1/i586/libxml2-devel-2.7.7-1.8mdv2010.2.i586.rpm
 ac3a4580937dfc0bea6a8b5a4440d3d7  2010.1/i586/libxml2-python-2.7.7-1.8mdv2010.2.i586.rpm
 2543421fd9a764712956d9ec7cc29735  2010.1/i586/libxml2-utils-2.7.7-1.8mdv2010.2.i586.rpm 
 7b5cc8f7d4307694f994b4841298001a  2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 be969eb2120f0ce934b4a3e439eeef9e  2010.1/x86_64/lib64xml2_2-2.7.7-1.8mdv2010.2.x86_64.rpm
 b157a2a25300a94f43d9519f65b34fc5  2010.1/x86_64/lib64xml2-devel-2.7.7-1.8mdv2010.2.x86_64.rpm
 c3e4d81eb93b56c97c3fc4a4de9898d1  2010.1/x86_64/libxml2-python-2.7.7-1.8mdv2010.2.x86_64.rpm
 34ccac69c45a74aca6dc3b5ddbca3897  2010.1/x86_64/libxml2-utils-2.7.7-1.8mdv2010.2.x86_64.rpm 
 7b5cc8f7d4307694f994b4841298001a  2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm

 Mandriva Linux 2011:
 fa3e1afaa06313e8e637e0e1bd8dc034  2011/i586/libxml2_2-2.7.8-6.6-mdv2011.0.i586.rpm
 f9bf3505ce7dfdc2ea26bb5a3ead5a2b  2011/i586/libxml2-devel-2.7.8-6.6-mdv2011.0.i586.rpm
 793a7f2e79156fd24256720972e00ae4  2011/i586/libxml2-python-2.7.8-6.6-mdv2011.0.i586.rpm
 629e9ce8da67bd42d0b75c7a1d971598  2011/i586/libxml2-utils-2.7.8-6.6-mdv2011.0.i586.rpm 
 26a2ff0552ddc63b67578555c559933a  2011/SRPMS/libxml2-2.7.8-6.6.src.rpm

 Mandriva Linux 2011/X86_64:
 64f1f52da84a5bac34f4480f2243335d  2011/x86_64/lib64xml2_2-2.7.8-6.6-mdv2011.0.x86_64.rpm
 f54abb23118e2a84b7294a94a9de9fec  2011/x86_64/lib64xml2-devel-2.7.8-6.6-mdv2011.0.x86_64.rpm
 35f8648d5135a7ad82290658449e4419  2011/x86_64/libxml2-python-2.7.8-6.6-mdv2011.0.x86_64.rpm
 f1b999261ab2ddbc75e39edf574682e0  2011/x86_64/libxml2-utils-2.7.8-6.6-mdv2011.0.x86_64.rpm 
 26a2ff0552ddc63b67578555c559933a  2011/SRPMS/libxml2-2.7.8-6.6.src.rpm

 Mandriva Enterprise Server 5:
 e8f78cba230875f00cc66e38a5d073ab  mes5/i586/libxml2_2-2.7.1-1.12mdvmes5.2.i586.rpm
 8a05a37e788390d5bdf7c7d06bdb3d45  mes5/i586/libxml2-devel-2.7.1-1.12mdvmes5.2.i586.rpm
 85aa790648a830200b25cd7d3c560f9b  mes5/i586/libxml2-python-2.7.1-1.12mdvmes5.2.i586.rpm
 dd17b0e4dfad86cf598c8296053f70e1  mes5/i586/libxml2-utils-2.7.1-1.12mdvmes5.2.i586.rpm 
 5095525663e34a9c6e7b8bdae763be58  mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 7dc33151c191a90e7b5a7b26ee3e6335  mes5/x86_64/lib64xml2_2-2.7.1-1.12mdvmes5.2.x86_64.rpm
 efd29140bba4ca35237798f6f14b3ac1  mes5/x86_64/lib64xml2-devel-2.7.1-1.12mdvmes5.2.x86_64.rpm
 8d081103c58c000c3f7803911ce122a0  mes5/x86_64/libxml2-python-2.7.1-1.12mdvmes5.2.x86_64.rpm
 6efed51b1b6a05f7fa2f864d17b12bc5  mes5/x86_64/libxml2-utils-2.7.1-1.12mdvmes5.2.x86_64.rpm 
 5095525663e34a9c6e7b8bdae763be58  mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP4tCUmqjQ0CJFipgRAo9rAKC4sIZw21Mn38SOsU0jPtmiXCSm4QCeJFz8
+WSFZ3W+HdBn8JaKKGRLGAc=
=dP6J
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ