Full Disclosure mailing list archives

MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 5 Nov 2004 00:38:35 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libxml/libxml2
 Advisory ID:            MDKSA-2004:127
 Date:                   November 4th, 2004

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Multiple buffer overflows were reported in the libxml XML parsing
 library.  These vulnerabilities may allow remote attackers to execute
 arbitrary code via a long FTP URL that is not properly handled by the
 xmlNanoFTPScanURL() function, a long proxy URL containing FTP data
 that is not properly handled by the xmlNanoFTPScanProxy() function,
 and other overflows in the code that resolves names via DNS.
 
 The updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
  http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 7419757d6dac2c319d3a488f0b6a91c8  10.0/RPMS/libxml1-1.8.17-6.1.100mdk.i586.rpm
 d40f75aa7557169d865732b0b8edb525  10.0/RPMS/libxml1-devel-1.8.17-6.1.100mdk.i586.rpm
 66dbbf660a64af3624044f56c86ed50d  10.0/RPMS/libxml2-2.6.6-1.1.100mdk.i586.rpm
 b7913822ad7bbb14c9cbc2f415563bf9  10.0/RPMS/libxml2-devel-2.6.6-1.1.100mdk.i586.rpm
 61184cf07497236d7b105754eb05c697  10.0/RPMS/libxml2-python-2.6.6-1.1.100mdk.i586.rpm
 59cd56d41cdb1039874a673ae3791ef7  10.0/RPMS/libxml2-utils-2.6.6-1.1.100mdk.i586.rpm
 9c5781c68ad92993881e8acc01c7309f  10.0/SRPMS/libxml-1.8.17-6.1.100mdk.src.rpm
 9c9be888864046dbda69be1ca4a58a2a  10.0/SRPMS/libxml2-2.6.6-1.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 683fcffa9607a750c8312d1c1d6ddc65  amd64/10.0/RPMS/lib64xml1-1.8.17-6.1.100mdk.amd64.rpm
 253692d726628da01f7f8024a96ad436  amd64/10.0/RPMS/lib64xml1-devel-1.8.17-6.1.100mdk.amd64.rpm
 98ab2e2dfabc30de2d0f59e3b3424c41  amd64/10.0/RPMS/lib64xml2-2.6.6-1.1.100mdk.amd64.rpm
 c664e1217977155d96d816b3256e8d8e  amd64/10.0/RPMS/lib64xml2-devel-2.6.6-1.1.100mdk.amd64.rpm
 aca60f6e140a046829736c990fba6143  amd64/10.0/RPMS/lib64xml2-python-2.6.6-1.1.100mdk.amd64.rpm
 86c957fe4934ffee9898a0c7ba3de5ab  amd64/10.0/RPMS/libxml2-utils-2.6.6-1.1.100mdk.amd64.rpm
 9c5781c68ad92993881e8acc01c7309f  amd64/10.0/SRPMS/libxml-1.8.17-6.1.100mdk.src.rpm
 9c9be888864046dbda69be1ca4a58a2a  amd64/10.0/SRPMS/libxml2-2.6.6-1.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 98fd4f0fa913e362dacb950c0540be8b  10.1/RPMS/libxml1-1.8.17-7.1.101mdk.i586.rpm
 f24c6ab2bb6d9899442ba35f3f91c7dd  10.1/RPMS/libxml1-devel-1.8.17-7.1.101mdk.i586.rpm
 800dfc3e063ff10c043c17ee8dc4f49f  10.1/RPMS/libxml2-2.6.13-1.1.101mdk.i586.rpm
 87878f97cd6652730c00eb611d8ec7af  10.1/RPMS/libxml2-devel-2.6.13-1.1.101mdk.i586.rpm
 fd89cbe73c2370cd57c6b3302b850886  10.1/RPMS/libxml2-python-2.6.13-1.1.101mdk.i586.rpm
 63ecb7675502f5955fdb72d2e222830f  10.1/RPMS/libxml2-utils-2.6.13-1.1.101mdk.i586.rpm
 da1f3b2a5cceb46f30d423616d226882  10.1/SRPMS/libxml-1.8.17-7.1.101mdk.src.rpm
 5552da4d362b3a27243dc98ab6c1c0d9  10.1/SRPMS/libxml2-2.6.13-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d848c1c1233190864346d689b9512aaa  x86_64/10.1/RPMS/lib64xml1-1.8.17-7.1.101mdk.x86_64.rpm
 37be7e8d34fca17695ae9cb16a3c7a77  x86_64/10.1/RPMS/lib64xml1-devel-1.8.17-7.1.101mdk.x86_64.rpm
 a5d1c7bf22f556f353f395ff43cfd793  x86_64/10.1/RPMS/lib64xml2-2.6.13-1.1.101mdk.x86_64.rpm
 109819157cfd2b5c43e27d4c6b535002  x86_64/10.1/RPMS/lib64xml2-devel-2.6.13-1.1.101mdk.x86_64.rpm
 da50fee3f309d9a64f1e02dd004d3565  x86_64/10.1/RPMS/lib64xml2-python-2.6.13-1.1.101mdk.x86_64.rpm
 5f9df318943285a2cd2656481709c816  x86_64/10.1/RPMS/libxml2-utils-2.6.13-1.1.101mdk.x86_64.rpm
 da1f3b2a5cceb46f30d423616d226882  x86_64/10.1/SRPMS/libxml-1.8.17-7.1.101mdk.src.rpm
 5552da4d362b3a27243dc98ab6c1c0d9  x86_64/10.1/SRPMS/libxml2-2.6.13-1.1.101mdk.src.rpm

 Corporate Server 2.1:
 7ee991da9ebdd0db1c630e5f7f7a2e68  corporate/2.1/RPMS/libxml-1.8.17-3.1.C21mdk.i586.rpm
 995d648bf56c15b1e38a8377ac8bee93  corporate/2.1/RPMS/libxml-devel-1.8.17-3.1.C21mdk.i586.rpm
 0fb75fe4af5b62adb91475e5b666aa6a  corporate/2.1/SRPMS/libxml-1.8.17-3.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 e061926904a3642490d518fb75924243  x86_64/corporate/2.1/RPMS/libxml-1.8.17-3.1.C21mdk.x86_64.rpm
 f55c0b08b97d70ad492ccfc564cbdd27  x86_64/corporate/2.1/RPMS/libxml-devel-1.8.17-3.1.C21mdk.x86_64.rpm
 0fb75fe4af5b62adb91475e5b666aa6a  x86_64/corporate/2.1/SRPMS/libxml-1.8.17-3.1.C21mdk.src.rpm

 Mandrakelinux 9.2:
 72d13d93c1858448f0bb2ec0288a9d25  9.2/RPMS/libxml1-1.8.17-5.1.92mdk.i586.rpm
 ab7a59085d367027677ef6609e6348a0  9.2/RPMS/libxml1-devel-1.8.17-5.1.92mdk.i586.rpm
 43142581482c83f203077245b6bb0c70  9.2/RPMS/libxml2-2.5.11-1.3.92mdk.i586.rpm
 6ca792aff2e4abbcae971b482419012c  9.2/RPMS/libxml2-devel-2.5.11-1.3.92mdk.i586.rpm
 67c76fe7afc7ca26c0b045b5085f6f3c  9.2/RPMS/libxml2-python-2.5.11-1.3.92mdk.i586.rpm
 307841352f18a276c0c8253cd43c5929  9.2/RPMS/libxml2-utils-2.5.11-1.3.92mdk.i586.rpm
 7e002b307e83de3a2a71de8b569b145f  9.2/SRPMS/libxml-1.8.17-5.1.92mdk.src.rpm
 23300b109e69d4e898a730bc2255189e  9.2/SRPMS/libxml2-2.5.11-1.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 84f5e4ec24350c0a49183f2440ac6a65  amd64/9.2/RPMS/lib64xml1-1.8.17-5.1.92mdk.amd64.rpm
 c53ab1e8ef8ae81fa9288bd202667934  amd64/9.2/RPMS/lib64xml1-devel-1.8.17-5.1.92mdk.amd64.rpm
 1d440ef17ecd3d0fb464fe5e99f370ca  amd64/9.2/RPMS/lib64xml2-2.5.11-1.3.92mdk.amd64.rpm
 57532e5ed444a97b5ab1ff79a6b3b611  amd64/9.2/RPMS/lib64xml2-devel-2.5.11-1.3.92mdk.amd64.rpm
 dcd8a5348c6cdf77f1895517e70f4d21  amd64/9.2/RPMS/lib64xml2-python-2.5.11-1.3.92mdk.amd64.rpm
 da8d39dd584708f248dd5d2997f462f2  amd64/9.2/RPMS/libxml2-utils-2.5.11-1.3.92mdk.amd64.rpm
 7e002b307e83de3a2a71de8b569b145f  amd64/9.2/SRPMS/libxml-1.8.17-5.1.92mdk.src.rpm
 23300b109e69d4e898a730bc2255189e  amd64/9.2/SRPMS/libxml2-2.5.11-1.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBisuLmqjQ0CJFipgRAhV5AJ4076CTq+/xzDivWvzwFS1OsKquKACgrWoE
z/faJYEpShdwHAEqdkrPMAo=
=cF7Q
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
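
The overflow class named in the Problem Description (a long FTP URL copied into a fixed-size buffer) shown as a bounded parser. This is an added example, not code from the advisory, from libxml or from the Mandrakelinux patch; `scan_ftp_url` and `HOST_MAX` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define HOST_MAX 64 /* constructed limit for this example */

/* Hypothetical helper (not libxml code): split "ftp://host[:port]/..." into a
 * fixed-size host buffer and a port. The bug class in the advisory is a copy
 * that trusts the length of the URL; here the host length is measured first
 * and oversized input is rejected. Returns 0 on success, -1 on rejection. */
int scan_ftp_url(const char *url, char *host, size_t host_len, int *port)
{
    static const char scheme[] = "ftp://";
    const char *p;
    size_t n;
    long v = 0;

    if (!url || !host || host_len == 0 || !port)
        return -1;
    host[0] = '\0';
    *port = 21; /* default FTP control port */
    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return -1;
    p = url + (sizeof scheme - 1);

    n = strcspn(p, ":/");        /* host length as supplied by the sender */
    if (n == 0 || n >= host_len) /* empty, or no room for host plus NUL */
        return -1;
    memcpy(host, p, n);
    host[n] = '\0';
    p += n;

    if (*p == ':') {             /* optional port: digits only, <= 65535 */
        if (p[1] < '0' || p[1] > '9')
            goto reject;
        for (p++; *p >= '0' && *p <= '9'; p++)
            if ((v = v * 10 + (*p - '0')) > 65535)
                goto reject;
        if (*p != '/' && *p != '\0')
            goto reject;
        *port = (int)v;
    }
    return 0;
reject:
    host[0] = '\0'; /* never hand back a half-parsed result */
    return -1;
}
```

The same measure-then-copy check applies to any field taken from a URL, proxy string or DNS reply before it is written into a fixed-size buffer.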

