Home / vulnerabilitiesPDF  

MDVSA-2008-180.txt

Posted on 21 August 2008
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:180
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libxml2
Date : August 21, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

Andreas Solberg found a denial of service flaw in how libxml2 processed
certain content. If an application linked against libxml2 processed
such malformed XML content, it could cause the application to stop
responding (CVE-2008-3281).

The updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
8716508e8ef37fea80042eb5e86b61fc 2007.1/i586/libxml2-2.6.27-3.2mdv2007.1.i586.rpm
76f19e531e231ce049a3f160cab32cbf 2007.1/i586/libxml2-devel-2.6.27-3.2mdv2007.1.i586.rpm
367a17a645a963b4f19cc2ead2457cbe 2007.1/i586/libxml2-python-2.6.27-3.2mdv2007.1.i586.rpm
7508eca77470798d116c0b528d576966 2007.1/i586/libxml2-utils-2.6.27-3.2mdv2007.1.i586.rpm
b666ca363e60ad00397e230e0ae1e424 2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
b6727ddd4bd1560da41acf271f2096e8 2007.1/x86_64/lib64xml2-2.6.27-3.2mdv2007.1.x86_64.rpm
dd5e07c4f75a7e08e264d55aa0c3f9ed 2007.1/x86_64/lib64xml2-devel-2.6.27-3.2mdv2007.1.x86_64.rpm
26900e7b15c0f04b25ea15e2979471c1 2007.1/x86_64/lib64xml2-python-2.6.27-3.2mdv2007.1.x86_64.rpm
c5e0caac1d8d30b64ec7eba3b5a66415 2007.1/x86_64/libxml2-utils-2.6.27-3.2mdv2007.1.x86_64.rpm
b666ca363e60ad00397e230e0ae1e424 2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
1932d023f3b5b7a3f5ba526dd9c95080 2008.0/i586/libxml2_2-2.6.30-1.2mdv2008.0.i586.rpm
7eb2d7415bcd978d69a00dfd18c019a2 2008.0/i586/libxml2-devel-2.6.30-1.2mdv2008.0.i586.rpm
46feaddd608ea1d2fb9c6580063b810d 2008.0/i586/libxml2-python-2.6.30-1.2mdv2008.0.i586.rpm
05395c1fa6023258795c5ecd6f4b7b66 2008.0/i586/libxml2-utils-2.6.30-1.2mdv2008.0.i586.rpm
894fcb3409c735a1e7d98ecdaa2e37ad 2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
66ce82db8d282f735b0012003fa35bdd 2008.0/x86_64/lib64xml2_2-2.6.30-1.2mdv2008.0.x86_64.rpm
fd63bc951517ea18dc418bf98999eb55 2008.0/x86_64/lib64xml2-devel-2.6.30-1.2mdv2008.0.x86_64.rpm
f9386f8b33177f2497712834ac06986d 2008.0/x86_64/libxml2-python-2.6.30-1.2mdv2008.0.x86_64.rpm
d01f6d8e1efb2457158de599319ba2af 2008.0/x86_64/libxml2-utils-2.6.30-1.2mdv2008.0.x86_64.rpm
894fcb3409c735a1e7d98ecdaa2e37ad 2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
3dad11935bcd4f83bc041459b7ac692f 2008.1/i586/libxml2_2-2.6.31-1.1mdv2008.1.i586.rpm
23018714913a017fb6730b1d779cf3ce 2008.1/i586/libxml2-devel-2.6.31-1.1mdv2008.1.i586.rpm
e5b02a6ca9e75d7281cb206b022aa3d3 2008.1/i586/libxml2-python-2.6.31-1.1mdv2008.1.i586.rpm
f2323a249c53c7f29125aee420526b58 2008.1/i586/libxml2-utils-2.6.31-1.1mdv2008.1.i586.rpm
23839fdb6c362403140e4901972418ca 2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
72d3593941c2d5b662e675469416ffff 2008.1/x86_64/lib64xml2_2-2.6.31-1.1mdv2008.1.x86_64.rpm
2fd64ff529048478422d6205b081f9c8 2008.1/x86_64/lib64xml2-devel-2.6.31-1.1mdv2008.1.x86_64.rpm
32fba3b00faac7e5aef4fd10c887ab01 2008.1/x86_64/libxml2-python-2.6.31-1.1mdv2008.1.x86_64.rpm
5054e995d3ed7528f46803eea5d164a5 2008.1/x86_64/libxml2-utils-2.6.31-1.1mdv2008.1.x86_64.rpm
23839fdb6c362403140e4901972418ca 2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

Corporate 3.0:
d623b85f855087f6b108370f3f99b540 corporate/3.0/i586/libxml2-2.6.6-1.3.C30mdk.i586.rpm
76dfbf7e2ff9fca8b5c8f0e34586ed24 corporate/3.0/i586/libxml2-devel-2.6.6-1.3.C30mdk.i586.rpm
81842147b8613b8d50ccf2ba705a5f80 corporate/3.0/i586/libxml2-python-2.6.6-1.3.C30mdk.i586.rpm
aad19cbb6d924c9e17c5e2c7a2759a00 corporate/3.0/i586/libxml2-utils-2.6.6-1.3.C30mdk.i586.rpm
c452ee0be2fd9035ad1b7d1571d8abf5 corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
3722b9972ae6e89bfa9dd0ddec837fc1 corporate/3.0/x86_64/lib64xml2-2.6.6-1.3.C30mdk.x86_64.rpm
fee78f06503143e8590aa2cfd90ce543 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.3.C30mdk.x86_64.rpm
ea153d8ac723de782d9da2c8ac11e9c4 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.3.C30mdk.x86_64.rpm
10bb7d70f0a774cd26a8a1e6d09570da corporate/3.0/x86_64/libxml2-utils-2.6.6-1.3.C30mdk.x86_64.rpm
c452ee0be2fd9035ad1b7d1571d8abf5 corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

Corporate 4.0:
87a2011447e7b1d6fd95764c5deb3a40 corporate/4.0/i586/libxml2-2.6.21-3.2.20060mlcs4.i586.rpm
ddde1748667044d1f345be2b6cf49af4 corporate/4.0/i586/libxml2-devel-2.6.21-3.2.20060mlcs4.i586.rpm
68fc71e4875e285c3e8daa3c8129209b corporate/4.0/i586/libxml2-python-2.6.21-3.2.20060mlcs4.i586.rpm
76c878624f4af4ff3b33cceb3783d3b0 corporate/4.0/i586/libxml2-utils-2.6.21-3.2.20060mlcs4.i586.rpm
60399751c7df9a22a8aef3d7d818d11f corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
478fbdc448c5b7fa4c39844d47e52c3d corporate/4.0/x86_64/lib64xml2-2.6.21-3.2.20060mlcs4.x86_64.rpm
fb9525eac308da1cd765c47fa710378b corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.2.20060mlcs4.x86_64.rpm
a37566330d49e506586a059f4ccf31b5 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.2.20060mlcs4.x86_64.rpm
e4f5bd6911c49371fad6a854e4dca8c4 corporate/4.0/x86_64/libxml2-utils-2.6.21-3.2.20060mlcs4.x86_64.rpm
60399751c7df9a22a8aef3d7d818d11f corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIrdIlmqjQ0CJFipgRAtQkAKDC8BJ/+NN623Z0N4mxEWP91QP0nACdHwWP
b3VCpIqKdjdhOZOXLDMucK8=
=gQwh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 

TOP