Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability
From: security () mandriva com
Date: Fri, 11 Jan 2008 18:05:25 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:010
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libxml2
 Date    : January 11, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A denial of service flaw was discovered by the Google Security Team
 in the way libxml2 processes malformed XML content.  This flaw could
 cause the application to stop responding.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 77dacb3f7ceed6b154d13b2230993f6a  2007.0/i586/libxml2-2.6.26-2.1mdv2007.0.i586.rpm
 b65bd8c95b4cb202ad9c6ee0b0bd240a  2007.0/i586/libxml2-devel-2.6.26-2.1mdv2007.0.i586.rpm
 783aa1a2d3e7e8f7e1d97a656606e1c0  2007.0/i586/libxml2-python-2.6.26-2.1mdv2007.0.i586.rpm
 fc8a74a258531db13fa948d95f4c2b0f  2007.0/i586/libxml2-utils-2.6.26-2.1mdv2007.0.i586.rpm 
 213917a525e29b1be556eaa909ae70b8  2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 39239bd612197276042a12756b12f25a  2007.0/x86_64/lib64xml2-2.6.26-2.1mdv2007.0.x86_64.rpm
 8559d17572b7ecf59c322fd5e24a32ac  2007.0/x86_64/lib64xml2-devel-2.6.26-2.1mdv2007.0.x86_64.rpm
 9be60ad740a273022ba6f0ac63242d4e  2007.0/x86_64/lib64xml2-python-2.6.26-2.1mdv2007.0.x86_64.rpm
 6d455daad1c6043033535790f6891a03  2007.0/x86_64/libxml2-utils-2.6.26-2.1mdv2007.0.x86_64.rpm 
 213917a525e29b1be556eaa909ae70b8  2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 39a6f6fd2ebed09f57fb448d5608254d  2007.1/i586/libxml2-2.6.27-3.1mdv2007.1.i586.rpm
 85dd4f3000b2d7a1b3ec6d7c0a839481  2007.1/i586/libxml2-devel-2.6.27-3.1mdv2007.1.i586.rpm
 04d59c5ceb87225b3da6b31a76c6e5a2  2007.1/i586/libxml2-python-2.6.27-3.1mdv2007.1.i586.rpm
 87814c987e3c1f58c722a3ea3a8e310c  2007.1/i586/libxml2-utils-2.6.27-3.1mdv2007.1.i586.rpm 
 fb22892957a80ffd6f6a3679dda1ff3a  2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 fe616f34b82ffd18e15e34c33efbac7a  2007.1/x86_64/lib64xml2-2.6.27-3.1mdv2007.1.x86_64.rpm
 77b4273b2b847dc93430288b313effe1  2007.1/x86_64/lib64xml2-devel-2.6.27-3.1mdv2007.1.x86_64.rpm
 7256a9e600ba1ccffe8263b7ca79ca9f  2007.1/x86_64/lib64xml2-python-2.6.27-3.1mdv2007.1.x86_64.rpm
 ba8ef3136d30fc8df4ab560eb6ed8d07  2007.1/x86_64/libxml2-utils-2.6.27-3.1mdv2007.1.x86_64.rpm 
 fb22892957a80ffd6f6a3679dda1ff3a  2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 3c20ada83e676e7746b79f1a31727dbc  2008.0/i586/libxml2-devel-2.6.30-1.1mdv2008.0.i586.rpm
 6d48ec5ab06b9c9da52f09ac30dc9c80  2008.0/i586/libxml2-python-2.6.30-1.1mdv2008.0.i586.rpm
 ab3b8931c36ab441c50bd807c7c1f178  2008.0/i586/libxml2-utils-2.6.30-1.1mdv2008.0.i586.rpm
 e830e8a3ff3be74baca3b6d6e08048db  2008.0/i586/libxml2_2-2.6.30-1.1mdv2008.0.i586.rpm 
 95a1741cd2ffc9aea77525d3f4ce1032  2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b906a3f182b4c263e6866469b7830d37  2008.0/x86_64/lib64xml2-devel-2.6.30-1.1mdv2008.0.x86_64.rpm
 938706227bb990215af729038959499e  2008.0/x86_64/lib64xml2_2-2.6.30-1.1mdv2008.0.x86_64.rpm
 dc73b6975441524b039e168e471d4a4a  2008.0/x86_64/libxml2-python-2.6.30-1.1mdv2008.0.x86_64.rpm
 0388308a1a1bc7286112023204048c30  2008.0/x86_64/libxml2-utils-2.6.30-1.1mdv2008.0.x86_64.rpm 
 95a1741cd2ffc9aea77525d3f4ce1032  2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

 Corporate 3.0:
 0922b67b2e1f8731f72e4ca3b5585d92  corporate/3.0/i586/libxml2-2.6.6-1.2.C30mdk.i586.rpm
 dda560864d31455db52e8f00dc2aa43f  corporate/3.0/i586/libxml2-devel-2.6.6-1.2.C30mdk.i586.rpm
 e6f5fd59e95a74c09cdd57deed498c9a  corporate/3.0/i586/libxml2-python-2.6.6-1.2.C30mdk.i586.rpm
 7dac1af99fa5eda79e8b9d471d86c55d  corporate/3.0/i586/libxml2-utils-2.6.6-1.2.C30mdk.i586.rpm 
 56183137289bcf9c11699e891dac442a  corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 186a08bf1f0110bfaa5bd884934b2fac  corporate/3.0/x86_64/lib64xml2-2.6.6-1.2.C30mdk.x86_64.rpm
 05cf4c50a781c706c020854971160934  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.2.C30mdk.x86_64.rpm
 b636186a1473f4a45fecc396e9cd5be4  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.2.C30mdk.x86_64.rpm
 ba733e52ff5a7bf0662d6ad4cf4f4db5  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.2.C30mdk.x86_64.rpm 
 56183137289bcf9c11699e891dac442a  corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

 Corporate 4.0:
 a9dfe938313ea3d1a8d7eabe81109e82  corporate/4.0/i586/libxml2-2.6.21-3.1.20060mlcs4.i586.rpm
 81242f717837d167804a74c133aca257  corporate/4.0/i586/libxml2-devel-2.6.21-3.1.20060mlcs4.i586.rpm
 4f72201469336da9fba2b2a2237f454d  corporate/4.0/i586/libxml2-python-2.6.21-3.1.20060mlcs4.i586.rpm
 b50e445cab3dfb2eef5d6870fcb0e389  corporate/4.0/i586/libxml2-utils-2.6.21-3.1.20060mlcs4.i586.rpm 
 b6aba6be396f65fa83ed0bc129b26e39  corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1e842a7e72843912858d308ae9d1e15b  corporate/4.0/x86_64/lib64xml2-2.6.21-3.1.20060mlcs4.x86_64.rpm
 d129d0911beee47ebfc84d635825c907  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.1.20060mlcs4.x86_64.rpm
 6e74fb611a915fe3ee14e4425257e1e8  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.1.20060mlcs4.x86_64.rpm
 cafcc6d6ccbe9fb2ea58051de8261d2d  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.1.20060mlcs4.x86_64.rpm 
 b6aba6be396f65fa83ed0bc129b26e39  corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHh+bFmqjQ0CJFipgRArjjAKDLhZbdha52orVNoyDU7FdnBVJHPwCgkYJa
kwbUo0ByhybOZevM9pHc078=
=CeNP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2008:010 ] - Updated libxml2 packages fix DoS vulnerability security (Jan 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault