full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDVSA-2008:180 ] libxml2

[Full-disclosure] [ MDVSA-2008:180 ] libxml2

From: <security_at_nospam>
Date: Thu Aug 21 2008 - 23:57:01 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2008:180  http://www.mandriva.com/security/
Package : libxml2 Date : August 21, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

 Problem Description:

 Andreas Solberg found a denial of service flaw in how libxml2 processed  certain content. If an application linked against libxml2 processed  such malformed XML content, it could cause the application to stop  responding (CVE-2008-3281).  

 The updated packages have been patched to prevent this issue.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281


 Updated Packages:

 Mandriva Linux 2007.1: 8716508e8ef37fea80042eb5e86b61fc 2007.1/i586/libxml2-2.6.27-3.2mdv2007.1.i586.rpm 76f19e531e231ce049a3f160cab32cbf 2007.1/i586/libxml2-devel-2.6.27-3.2mdv2007.1.i586.rpm 367a17a645a963b4f19cc2ead2457cbe 2007.1/i586/libxml2-python-2.6.27-3.2mdv2007.1.i586.rpm 7508eca77470798d116c0b528d576966 2007.1/i586/libxml2-utils-2.6.27-3.2mdv2007.1.i586.rpm b666ca363e60ad00397e230e0ae1e424 2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64: b6727ddd4bd1560da41acf271f2096e8 2007.1/x86_64/lib64xml2-2.6.27-3.2mdv2007.1.x86_64.rpm dd5e07c4f75a7e08e264d55aa0c3f9ed 2007.1/x86_64/lib64xml2-devel-2.6.27-3.2mdv2007.1.x86_64.rpm 26900e7b15c0f04b25ea15e2979471c1 2007.1/x86_64/lib64xml2-python-2.6.27-3.2mdv2007.1.x86_64.rpm c5e0caac1d8d30b64ec7eba3b5a66415 2007.1/x86_64/libxml2-utils-2.6.27-3.2mdv2007.1.x86_64.rpm b666ca363e60ad00397e230e0ae1e424 2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0: 1932d023f3b5b7a3f5ba526dd9c95080 2008.0/i586/libxml2_2-2.6.30-1.2mdv2008.0.i586.rpm 7eb2d7415bcd978d69a00dfd18c019a2 2008.0/i586/libxml2-devel-2.6.30-1.2mdv2008.0.i586.rpm 46feaddd608ea1d2fb9c6580063b810d 2008.0/i586/libxml2-python-2.6.30-1.2mdv2008.0.i586.rpm 05395c1fa6023258795c5ecd6f4b7b66 2008.0/i586/libxml2-utils-2.6.30-1.2mdv2008.0.i586.rpm 894fcb3409c735a1e7d98ecdaa2e37ad 2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: 66ce82db8d282f735b0012003fa35bdd 2008.0/x86_64/lib64xml2_2-2.6.30-1.2mdv2008.0.x86_64.rpm fd63bc951517ea18dc418bf98999eb55 2008.0/x86_64/lib64xml2-devel-2.6.30-1.2mdv2008.0.x86_64.rpm f9386f8b33177f2497712834ac06986d 2008.0/x86_64/libxml2-python-2.6.30-1.2mdv2008.0.x86_64.rpm d01f6d8e1efb2457158de599319ba2af 2008.0/x86_64/libxml2-utils-2.6.30-1.2mdv2008.0.x86_64.rpm 894fcb3409c735a1e7d98ecdaa2e37ad 2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1: 3dad11935bcd4f83bc041459b7ac692f 2008.1/i586/libxml2_2-2.6.31-1.1mdv2008.1.i586.rpm 23018714913a017fb6730b1d779cf3ce 2008.1/i586/libxml2-devel-2.6.31-1.1mdv2008.1.i586.rpm e5b02a6ca9e75d7281cb206b022aa3d3 2008.1/i586/libxml2-python-2.6.31-1.1mdv2008.1.i586.rpm f2323a249c53c7f29125aee420526b58 2008.1/i586/libxml2-utils-2.6.31-1.1mdv2008.1.i586.rpm 23839fdb6c362403140e4901972418ca 2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64: 72d3593941c2d5b662e675469416ffff 2008.1/x86_64/lib64xml2_2-2.6.31-1.1mdv2008.1.x86_64.rpm 2fd64ff529048478422d6205b081f9c8 2008.1/x86_64/lib64xml2-devel-2.6.31-1.1mdv2008.1.x86_64.rpm 32fba3b00faac7e5aef4fd10c887ab01 2008.1/x86_64/libxml2-python-2.6.31-1.1mdv2008.1.x86_64.rpm 5054e995d3ed7528f46803eea5d164a5 2008.1/x86_64/libxml2-utils-2.6.31-1.1mdv2008.1.x86_64.rpm 23839fdb6c362403140e4901972418ca 2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

 Corporate 3.0: d623b85f855087f6b108370f3f99b540 corporate/3.0/i586/libxml2-2.6.6-1.3.C30mdk.i586.rpm 76dfbf7e2ff9fca8b5c8f0e34586ed24 corporate/3.0/i586/libxml2-devel-2.6.6-1.3.C30mdk.i586.rpm 81842147b8613b8d50ccf2ba705a5f80 corporate/3.0/i586/libxml2-python-2.6.6-1.3.C30mdk.i586.rpm aad19cbb6d924c9e17c5e2c7a2759a00 corporate/3.0/i586/libxml2-utils-2.6.6-1.3.C30mdk.i586.rpm c452ee0be2fd9035ad1b7d1571d8abf5 corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64: 3722b9972ae6e89bfa9dd0ddec837fc1 corporate/3.0/x86_64/lib64xml2-2.6.6-1.3.C30mdk.x86_64.rpm fee78f06503143e8590aa2cfd90ce543 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.3.C30mdk.x86_64.rpm ea153d8ac723de782d9da2c8ac11e9c4 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.3.C30mdk.x86_64.rpm 10bb7d70f0a774cd26a8a1e6d09570da corporate/3.0/x86_64/libxml2-utils-2.6.6-1.3.C30mdk.x86_64.rpm c452ee0be2fd9035ad1b7d1571d8abf5 corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

 Corporate 4.0: 87a2011447e7b1d6fd95764c5deb3a40 corporate/4.0/i586/libxml2-2.6.21-3.2.20060mlcs4.i586.rpm ddde1748667044d1f345be2b6cf49af4 corporate/4.0/i586/libxml2-devel-2.6.21-3.2.20060mlcs4.i586.rpm 68fc71e4875e285c3e8daa3c8129209b corporate/4.0/i586/libxml2-python-2.6.21-3.2.20060mlcs4.i586.rpm 76c878624f4af4ff3b33cceb3783d3b0 corporate/4.0/i586/libxml2-utils-2.6.21-3.2.20060mlcs4.i586.rpm 60399751c7df9a22a8aef3d7d818d11f corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64: 478fbdc448c5b7fa4c39844d47e52c3d corporate/4.0/x86_64/lib64xml2-2.6.21-3.2.20060mlcs4.x86_64.rpm fb9525eac308da1cd765c47fa710378b corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.2.20060mlcs4.x86_64.rpm a37566330d49e506586a059f4ccf31b5 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.2.20060mlcs4.x86_64.rpm e4f5bd6911c49371fad6a854e4dca8c4 corporate/4.0/x86_64/libxml2-utils-2.6.21-3.2.20060mlcs4.x86_64.rpm 60399751c7df9a22a8aef3d7d818d11f corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrdIlmqjQ0CJFipgRAtQkAKDC8BJ/+NN623Z0N4mxEWP91QP0nACdHwWP b3VCpIqKdjdhOZOXLDMucK8=
=gQwh
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/