---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-353
2004-10-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libxml2
Version     : 2.6.15
Release     : 2
Summary     : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select subnodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

---------------------------------------------------------------------
Update Information:

   Updated libxml2 packages fixes security vulnerabilities

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found libxml2 versions prior to
2.6.14.  If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to libxml2, it could be possible to execute
arbitrary code.  Additionally, if an attacker can return a specially
crafted DNS request to libxml, it is possible to execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0989 to this issue.

All users are advised to upgrade to these updated packages, which contain
fixes and are not vulnerable to this issue.

---------------------------------------------------------------------
* Wed Oct 27 2004 Daniel Veillard <veillard@redhat.com> 2.6.15-2

- upstream release 2.6.15 see  NEWS · master · GNOME / libxml2 · GitLab
- incorporate a security fix for #137266 security problem
   


---------------------------------------------------------------------
This update can be downloaded from:
    

18b21e3d001164d71a53d121c0fd806f  SRPMS/libxml2-2.6.15-2.src.rpm
1096a0ad82686ac816a9d5c2318cc3d0  x86_64/libxml2-2.6.15-2.x86_64.rpm
0243c634a62b2b7fb39f79fdd0c688b0  x86_64/libxml2-devel-2.6.15-2.x86_64.rpm
ff7dfc244ccd5c298ddf41e6d0efbc48  x86_64/libxml2-python-2.6.15-2.x86_64.rpm
97a6d139218ab8ab05d98bfdfdd5c45b  x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm
f1181cf6048cca3bcc44fec39a3706d0  i386/libxml2-2.6.15-2.i386.rpm
e45b080e51a9960089256fb48898689e  i386/libxml2-devel-2.6.15-2.i386.rpm
f9997ba6ed497fa060a521ad07b6b0ad  i386/libxml2-python-2.6.15-2.i386.rpm
d0480ee25c1cc4d7f30da0899f2668d7  i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
Daniel Veillard      | Red Hat Desktop team  Red Hat - We make open source technologies for the enterprise
veillard@redhat.com  | libxml GNOME XML XSLT toolkit   Home · Wiki · GNOME / libxml2 · GitLab 
Daniel Veillard | Rpmfind RPM search engine  Rpmfind mirror

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: libxml2-2.6.15-2 update

October 28, 2004
Multiple buffer overflow bugs have been found libxml2 versions prior to 2.6.14

Summary

This library allows to manipulate XML files. It includes support

to read, modify and write XML and HTML files. There is DTDs support

this includes parsing and validation even with complex DtDs, either

at parse time or later once the document has been modified. The output

can be a simple SAX stream or and in-memory DOM like representations.

In this case one can use the built-in XPath and XPointer implementation

to select subnodes or ranges. A flexible Input/Output mechanism is

available, with existing HTTP and FTP modules and combined to an

URI library.

Update Information:

Updated libxml2 packages fixes security vulnerabilities

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it is possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0989 to this issue.

All users are advised to upgrade to these updated packages, which contain fixes and are not vulnerable to this issue.

* Wed Oct 27 2004 Daniel Veillard <veillard@redhat.com> 2.6.15-2

- upstream release 2.6.15 see NEWS · master · GNOME / libxml2 · GitLab - incorporate a security fix for #137266 security problem



This update can be downloaded from:


18b21e3d001164d71a53d121c0fd806f SRPMS/libxml2-2.6.15-2.src.rpm 1096a0ad82686ac816a9d5c2318cc3d0 x86_64/libxml2-2.6.15-2.x86_64.rpm 0243c634a62b2b7fb39f79fdd0c688b0 x86_64/libxml2-devel-2.6.15-2.x86_64.rpm ff7dfc244ccd5c298ddf41e6d0efbc48 x86_64/libxml2-python-2.6.15-2.x86_64.rpm 97a6d139218ab8ab05d98bfdfdd5c45b x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm f1181cf6048cca3bcc44fec39a3706d0 i386/libxml2-2.6.15-2.i386.rpm e45b080e51a9960089256fb48898689e i386/libxml2-devel-2.6.15-2.i386.rpm f9997ba6ed497fa060a521ad07b6b0ad i386/libxml2-python-2.6.15-2.i386.rpm d0480ee25c1cc4d7f30da0899f2668d7 i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

-- Daniel Veillard | Red Hat Desktop team Red Hat - We make open source technologies for the enterprise veillard@redhat.com | libxml GNOME XML XSLT toolkit Home · Wiki · GNOME / libxml2 · GitLab Daniel Veillard | Rpmfind RPM search engine Rpmfind mirror

-- fedora-announce-list mailing list fedora-announce-list@redhat.com fedora-announce-list Info Page

Change Log

References

Fedora Update Notification FEDORA-2004-353 2004-10-28 Product : Fedora Core 2 Name : libxml2 Version : 2.6.15 Release : 2 Summary : Library providing XML and HTML support Description : This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.

Update Instructions

Severity
Product : Fedora Core 2
Name : libxml2
Version : 2.6.15
Release : 2
Summary : Library providing XML and HTML support

Related News

21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved