Full Disclosure mailing list archives

MDKSA-2004:018 - Updated libxml2 packages fix vulnerability
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 4 Mar 2004 04:49:20 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libxml2
 Advisory ID:            MDKSA-2004:018
 Date:                   March 3rd, 2004

 Affected versions:      9.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi
 Teranishi.  When fetching a remote source via FTP or HTTP, libxml2
 uses special parsing routines that can overflow a buffer if passed a
 very long URL.  In the event that the attacker can find a program that
 uses libxml2 which parses remote resources and allows them to
 influence the URL, this flaw could be used to execute arbitrary code.
 
 The updated packages provide a backported fix to correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 51af35991ac6ceef5cd6ddc4330e1995  corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.i586.rpm
 34e6aa4c010e14199767c97d5fe0b706  corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.i586.rpm
 9b551a5dfa4129f88fa90062ed684725  corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.i586.rpm
 7c2efde8dde2fabc15d0c59fd867d156  corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.i586.rpm
 153ca0fed634a7485046181baf06ea94  corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 2bfb3a34f15d5484119f94ea0d8c9d69  x86_64/corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.x86_64.rpm
 251108957d5ba90a9082d1f1976e5fb7  x86_64/corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.x86_64.rpm
 7f4d9e5052d9ca41cd0ed8dba78d2416  x86_64/corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.x86_64.rpm
 63e3b6910f6e42b775cb936ce581b16e  x86_64/corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.x86_64.rpm
 153ca0fed634a7485046181baf06ea94  x86_64/corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

 Mandrakelinux 9.1:
 9b91d9a62e88829d180335e93005d706  9.1/RPMS/libxml2-2.5.4-1.2.91mdk.i586.rpm
 42ea5fe9ee7733bab3e726cb0005a9e8  9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.i586.rpm
 98642ae61a8884d25878bc91f1d06622  9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.i586.rpm
 3a7b2acf410ed9d6dc7d34d7e7fc319a  9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.i586.rpm
 bbb88662f90ff49f28a2e3e6905106f3  9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 bcf80b555579701ed2ba8925bc1a9634  ppc/9.1/RPMS/libxml2-2.5.4-1.2.91mdk.ppc.rpm
 3f6a1d38b9aaefd39a2ad116ec65643d  ppc/9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.ppc.rpm
 cdb9ee131ca5bd58564259d6917a9c56  ppc/9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.ppc.rpm
 3c96adac2eb332f1e535b80e626a2c80  ppc/9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.ppc.rpm
 bbb88662f90ff49f28a2e3e6905106f3  ppc/9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

 Mandrakelinux 9.2:
 6566203ab3c4fb904ae0126196aaf400  9.2/RPMS/libxml2-2.5.11-1.2.92mdk.i586.rpm
 5552925b636b9926059c5c27ca37a588  9.2/RPMS/libxml2-devel-2.5.11-1.2.92mdk.i586.rpm
 377f7250ee689d7ee7453b852e651d02  9.2/RPMS/libxml2-python-2.5.11-1.2.92mdk.i586.rpm
 7e04e506249fbb224690ce3cc6434776  9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.i586.rpm
 34048480a99f5f04d02902ab918cf5c8  9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 12bfba14856691201fb44eeecd2e0760  amd64/9.2/RPMS/lib64xml2-2.5.11-1.2.92mdk.amd64.rpm
 0267276afa32b153be2ab27821f2a45c  amd64/9.2/RPMS/lib64xml2-devel-2.5.11-1.2.92mdk.amd64.rpm
 545cdb232a403bb77dbd7ae5881dfe01  amd64/9.2/RPMS/lib64xml2-python-2.5.11-1.2.92mdk.amd64.rpm
 32012969ba7f58a67f8569d86ca90246  amd64/9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.amd64.rpm
 34048480a99f5f04d02902ab918cf5c8  amd64/9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFARrVQmqjQ0CJFipgRApmfAKDAmU1wWFUMOt0zdBXMK5B3TnbFiQCgtUPf
ZHaFx48BQTxaJG6ZbwDG/0E=
=Tz/7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
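
The Problem Description above concerns URL parsing routines that copy into a fixed-size buffer. The following added example (not libxml2's code and not the backported fix) sketches a URL scanner whose every copy is checked against the destination size; the names scan_url and copy_component and the 8-byte scheme buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Copy bytes from *cur into dst until a stop character or NUL is reached.
 * Returns 0 on success, -1 if the component does not fit in dstsz. */
static int copy_component(const char **cur, const char *stops,
                          char *dst, size_t dstsz)
{
    size_t i = 0;
    while (**cur != '\0' && strchr(stops, **cur) == NULL) {
        if (i + 1 >= dstsz)      /* the check an unbounded copy loop lacks */
            return -1;
        dst[i++] = *(*cur)++;
    }
    dst[i] = '\0';
    return 0;
}

/* Split "scheme://host[:port]/path" into host and path (hypothetical API).
 * Returns 0 on success, -1 on malformed or over-long input. */
int scan_url(const char *url, char *host, size_t hostsz,
             char *path, size_t pathsz)
{
    char scheme[8];
    const char *cur = url;

    if (url == NULL || copy_component(&cur, ":", scheme, sizeof scheme) != 0)
        return -1;
    if (strcmp(scheme, "http") != 0 && strcmp(scheme, "ftp") != 0)
        return -1;
    if (strncmp(cur, "://", 3) != 0)
        return -1;
    cur += 3;
    if (copy_component(&cur, ":/", host, hostsz) != 0 || host[0] == '\0')
        return -1;
    if (*cur == ':') {           /* skip an optional numeric port */
        cur++;
        while (*cur >= '0' && *cur <= '9')
            cur++;
    }
    if (*cur == '\0') {          /* no path given: default to "/" */
        if (pathsz < 2) return -1;
        strcpy(path, "/");
        return 0;
    }
    if (*cur != '/') return -1;
    return copy_component(&cur, "", path, pathsz);
}
```

An over-long host or path makes scan_url return -1 instead of truncating silently, so the caller can refuse the request rather than fetch from a different resource than the one supplied.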

