LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Subject: [Security Announce] [ MDVSA-2008:180 ] libxml2 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding (CVE-2008-3281). The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:180
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : August 21, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Andreas Solberg found a denial of service flaw in how libxml2 processed
 certain content.  If an application linked against libxml2 processed
 such malformed XML content, it could cause the application to stop
 responding (CVE-2008-3281).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 8716508e8ef37fea80042eb5e86b61fc  2007.1/i586/libxml2-2.6.27-3.2mdv2007.1.i586.rpm
 76f19e531e231ce049a3f160cab32cbf  2007.1/i586/libxml2-devel-2.6.27-3.2mdv2007.1.i586.rpm
 367a17a645a963b4f19cc2ead2457cbe  2007.1/i586/libxml2-python-2.6.27-3.2mdv2007.1.i586.rpm
 7508eca77470798d116c0b528d576966  2007.1/i586/libxml2-utils-2.6.27-3.2mdv2007.1.i586.rpm 
 b666ca363e60ad00397e230e0ae1e424  2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 b6727ddd4bd1560da41acf271f2096e8  2007.1/x86_64/lib64xml2-2.6.27-3.2mdv2007.1.x86_64.rpm
 dd5e07c4f75a7e08e264d55aa0c3f9ed  2007.1/x86_64/lib64xml2-devel-2.6.27-3.2mdv2007.1.x86_64.rpm
 26900e7b15c0f04b25ea15e2979471c1  2007.1/x86_64/lib64xml2-python-2.6.27-3.2mdv2007.1.x86_64.rpm
 c5e0caac1d8d30b64ec7eba3b5a66415  2007.1/x86_64/libxml2-utils-2.6.27-3.2mdv2007.1.x86_64.rpm 
 b666ca363e60ad00397e230e0ae1e424  2007.1/SRPMS/libxml2-2.6.27-3.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1932d023f3b5b7a3f5ba526dd9c95080  2008.0/i586/libxml2_2-2.6.30-1.2mdv2008.0.i586.rpm
 7eb2d7415bcd978d69a00dfd18c019a2  2008.0/i586/libxml2-devel-2.6.30-1.2mdv2008.0.i586.rpm
 46feaddd608ea1d2fb9c6580063b810d  2008.0/i586/libxml2-python-2.6.30-1.2mdv2008.0.i586.rpm
 05395c1fa6023258795c5ecd6f4b7b66  2008.0/i586/libxml2-utils-2.6.30-1.2mdv2008.0.i586.rpm 
 894fcb3409c735a1e7d98ecdaa2e37ad  2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 66ce82db8d282f735b0012003fa35bdd  2008.0/x86_64/lib64xml2_2-2.6.30-1.2mdv2008.0.x86_64.rpm
 fd63bc951517ea18dc418bf98999eb55  2008.0/x86_64/lib64xml2-devel-2.6.30-1.2mdv2008.0.x86_64.rpm
 f9386f8b33177f2497712834ac06986d  2008.0/x86_64/libxml2-python-2.6.30-1.2mdv2008.0.x86_64.rpm
 d01f6d8e1efb2457158de599319ba2af  2008.0/x86_64/libxml2-utils-2.6.30-1.2mdv2008.0.x86_64.rpm 
 894fcb3409c735a1e7d98ecdaa2e37ad  2008.0/SRPMS/libxml2-2.6.30-1.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 3dad11935bcd4f83bc041459b7ac692f  2008.1/i586/libxml2_2-2.6.31-1.1mdv2008.1.i586.rpm
 23018714913a017fb6730b1d779cf3ce  2008.1/i586/libxml2-devel-2.6.31-1.1mdv2008.1.i586.rpm
 e5b02a6ca9e75d7281cb206b022aa3d3  2008.1/i586/libxml2-python-2.6.31-1.1mdv2008.1.i586.rpm
 f2323a249c53c7f29125aee420526b58  2008.1/i586/libxml2-utils-2.6.31-1.1mdv2008.1.i586.rpm 
 23839fdb6c362403140e4901972418ca  2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 72d3593941c2d5b662e675469416ffff  2008.1/x86_64/lib64xml2_2-2.6.31-1.1mdv2008.1.x86_64.rpm
 2fd64ff529048478422d6205b081f9c8  2008.1/x86_64/lib64xml2-devel-2.6.31-1.1mdv2008.1.x86_64.rpm
 32fba3b00faac7e5aef4fd10c887ab01  2008.1/x86_64/libxml2-python-2.6.31-1.1mdv2008.1.x86_64.rpm
 5054e995d3ed7528f46803eea5d164a5  2008.1/x86_64/libxml2-utils-2.6.31-1.1mdv2008.1.x86_64.rpm 
 23839fdb6c362403140e4901972418ca  2008.1/SRPMS/libxml2-2.6.31-1.1mdv2008.1.src.rpm

 Corporate 3.0:
 d623b85f855087f6b108370f3f99b540  corporate/3.0/i586/libxml2-2.6.6-1.3.C30mdk.i586.rpm
 76dfbf7e2ff9fca8b5c8f0e34586ed24  corporate/3.0/i586/libxml2-devel-2.6.6-1.3.C30mdk.i586.rpm
 81842147b8613b8d50ccf2ba705a5f80  corporate/3.0/i586/libxml2-python-2.6.6-1.3.C30mdk.i586.rpm
 aad19cbb6d924c9e17c5e2c7a2759a00  corporate/3.0/i586/libxml2-utils-2.6.6-1.3.C30mdk.i586.rpm 
 c452ee0be2fd9035ad1b7d1571d8abf5  corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3722b9972ae6e89bfa9dd0ddec837fc1  corporate/3.0/x86_64/lib64xml2-2.6.6-1.3.C30mdk.x86_64.rpm
 fee78f06503143e8590aa2cfd90ce543  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.3.C30mdk.x86_64.rpm
 ea153d8ac723de782d9da2c8ac11e9c4  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.3.C30mdk.x86_64.rpm
 10bb7d70f0a774cd26a8a1e6d09570da  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.3.C30mdk.x86_64.rpm 
 c452ee0be2fd9035ad1b7d1571d8abf5  corporate/3.0/SRPMS/libxml2-2.6.6-1.3.C30mdk.src.rpm

 Corporate 4.0:
 87a2011447e7b1d6fd95764c5deb3a40  corporate/4.0/i586/libxml2-2.6.21-3.2.20060mlcs4.i586.rpm
 ddde1748667044d1f345be2b6cf49af4  corporate/4.0/i586/libxml2-devel-2.6.21-3.2.20060mlcs4.i586.rpm
 68fc71e4875e285c3e8daa3c8129209b  corporate/4.0/i586/libxml2-python-2.6.21-3.2.20060mlcs4.i586.rpm
 76c878624f4af4ff3b33cceb3783d3b0  corporate/4.0/i586/libxml2-utils-2.6.21-3.2.20060mlcs4.i586.rpm 
 60399751c7df9a22a8aef3d7d818d11f  corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 478fbdc448c5b7fa4c39844d47e52c3d  corporate/4.0/x86_64/lib64xml2-2.6.21-3.2.20060mlcs4.x86_64.rpm
 fb9525eac308da1cd765c47fa710378b  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.2.20060mlcs4.x86_64.rpm
 a37566330d49e506586a059f4ccf31b5  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.2.20060mlcs4.x86_64.rpm
 e4f5bd6911c49371fad6a854e4dca8c4  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.2.20060mlcs4.x86_64.rpm 
 60399751c7df9a22a8aef3d7d818d11f  corporate/4.0/SRPMS/libxml2-2.6.21-3.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Canadians arrest a Heartbleed hacker
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.