Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New libxml2 packages fix several issues Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1859-1                                           Nico Golde
August 10th, 2009             
- --------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE IDs        : CVE-2009-2416 CVE-2009-2414

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
vulnerabilities in libxml2, a library for parsing and handling XML data
files, which can lead to denial of service conditions or possibly arbitrary
code execution in the application using the library.  The Common
Vulnerabilities and Exposures project identifies the following problems:

An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of a pointers to memory areas
which have already been freed (CVE-2009-2416).

Missing checks for the depth of ELEMENT DTD definitions when parsing
child content can lead to extensive stack-growth due to a function
recursion which can be triggered via a crafted XML document (CVE-2009-2414).

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-6+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny1.

For the testing (squeeze) and unstable (sid) distribution, this problem
will be fixed soon.

We recommend that you upgrade your libxml2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  3416175 5ff71b22f6253a6dd9afc1c34778dec3
    Size/MD5 checksum:      913 09efeb00dc3ad837c65ed86a2270261b
    Size/MD5 checksum:   147012 e5df821d4cc929b2ef8c7100059715d5

Architecture independent packages:
    Size/MD5 checksum:  1322916 726ca29b7ee850c407ac321f2ea112c7

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   917136 f4cfcb4f316490b18974cecd8868aced
    Size/MD5 checksum:   184768 e475a83dc482cf3763af2f06cd00e7e1
    Size/MD5 checksum:   882132 5573e7841564516216b7ac6bb2d8cf63
    Size/MD5 checksum:    37990 5ab687646663b3719626727176029ba8
    Size/MD5 checksum:   821362 fd53ce835d76a42bd2adcffad97fe4a6

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    36920 dceee52173b5c868003e83884eed8b7e
    Size/MD5 checksum:   891488 9871349948186c2c2abb61a74628877e
    Size/MD5 checksum:   797442 07005f45dcc655a7aac198b8ef177565
    Size/MD5 checksum:   746350 5af6719d16da6860f581346997577139
    Size/MD5 checksum:   184048 77365844e9195b07ac51b98d9ffde0b8

arm architecture (ARM)
    Size/MD5 checksum:    34680 86beed99d8058d792400e5d5bed13574
    Size/MD5 checksum:   817634 41a02c48c5e88107975a39b0f02e053d
    Size/MD5 checksum:   673336 95d92fe53aa97cf9f335c791977f57f7
    Size/MD5 checksum:   165294 d3ca946df34d74b52398f13984f3ddfb
    Size/MD5 checksum:   742362 fa86898a7ef0fb0cbd6d82fcafc3d886

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    37436 735cfc6512d435e2b08adf4b3699a0be
    Size/MD5 checksum:   864542 cf7d6d7b8851af4bb42731d36421d0dd
    Size/MD5 checksum:   850264 1b911c0030934b91a71774e1fa998739
    Size/MD5 checksum:   858456 a0779deeb7af435d275cc64f830b3b3e
    Size/MD5 checksum:   192316 99987ff2ff350f931b5ab681bd3baf0c

i386 architecture (Intel ia32)
    Size/MD5 checksum:   756686 72c9b7142946ee133dc11e68589d6030
    Size/MD5 checksum:    34738 f444021901f01813c9cfbc34b2b251bf
    Size/MD5 checksum:   682498 5e2b370fb8043b2ea70c3baad068454d
    Size/MD5 checksum:   857416 756808f106e97fe4a2572164f0af6fff
    Size/MD5 checksum:   169728 2e5e83f725d10c94e3d971f75d657416

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   196538 a0e332f9af106987ba5d9188faaa6043
    Size/MD5 checksum:  1106826 5b9c4fcc856734ae53a5e5bc23df87d6
    Size/MD5 checksum:   874266 5ac25182055c936cb0c41727470503b7
    Size/MD5 checksum:    48502 548ec8a13d753639ed35c18a2bfb1351
    Size/MD5 checksum:  1080804 20f8d6955ca957b04274e54a8eceb247

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   841350 2859f5df144f2f00a01471db5c8a565d
    Size/MD5 checksum:   171640 195e04a6148265482fe114684c3fb288
    Size/MD5 checksum:    34428 226b53d817ff2c40e229a07e3a4e64a0
    Size/MD5 checksum:   771046 4deccca8499335b45239d11e4a96e4de
    Size/MD5 checksum:   926988 4f35522366c2f765f7c513ee4d912d63

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    34404 5ef9faea763c8f56a9ea0c413ca3ec28
    Size/MD5 checksum:   168694 90fb2deb233b8bfea3fc8a220ec1a092
    Size/MD5 checksum:   833350 0f010d569fc5ea79522faf440c428838
    Size/MD5 checksum:   898632 dad49d9f3170bd9cd3cf7711ae03fd99
    Size/MD5 checksum:   769482 b79657714956fa0c913e21ab4da964f7

powerpc architecture (PowerPC)
    Size/MD5 checksum:   780328 ea5cee0b67522d2356f6c6754dd16982
    Size/MD5 checksum:   172738 e3a4bafab2ce8c709611c1d8c4ade6b1
    Size/MD5 checksum:   771204 214bccabba3319d13bc0e0326ee20d5d
    Size/MD5 checksum:   898180 d71ee456739a07f4c2a165cf5c23c39d
    Size/MD5 checksum:    37672 796e04e32fde7bbe155842d2c10c2b8d

s390 architecture (IBM S/390)
    Size/MD5 checksum:   750344 aabb8eb831d7eef11b52b1e54f6740a0
    Size/MD5 checksum:   885566 c20f903a49fb4a879ba17248145012ee
    Size/MD5 checksum:    36374 7814b80c96c04a9c9df1d47f853874eb
    Size/MD5 checksum:   185726 8360cbc7380594a8b92c45ef65656071
    Size/MD5 checksum:   806552 cccadb108b979c08780e436a164f76cd

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   761918 554b6c93e5277f5bd985c8d55f4599ff
    Size/MD5 checksum:   712642 ff0e3fa668d7e77d28fd9a3a02155993
    Size/MD5 checksum:   781992 14c09d25e1df5a79c7b068daf3c4281d
    Size/MD5 checksum:    34668 e678b72f4a60616259bf51e3e5292969
    Size/MD5 checksum:   176694 01affac870551a1bb69646cf2e706d7b

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:    84662 a769c08774d7fe51e12c01f46db03e1f
    Size/MD5 checksum:  3425843 bb11c95674e775b791dab2d15e630fa4
    Size/MD5 checksum:     1352 ede126e827fe756a6d2dc2612b5c066b

Architecture independent packages:
    Size/MD5 checksum:  1335218 bc7c1d7159d8f38dcec80b33f10b018b

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   920578 032c89af4f6f01016914355212e13f55
    Size/MD5 checksum:   920528 43c8e3456db24d3b829ce37dd08559cc
    Size/MD5 checksum:   856598 19d34579024997bfdf51660560320f23
    Size/MD5 checksum:    38034 2a58c66e3812236863accc85de3a6bdc
    Size/MD5 checksum:   292786 0eb8422bc6fb6b252c114e40edac7242

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   987308 937c2041b3a01b730c3b4e20a3b88fa6
    Size/MD5 checksum:   860528 882be5e34ecaf4bbf6ba6697485b2f9f
    Size/MD5 checksum:   775280 a573ee15451c4063323ea09c46538fb0
    Size/MD5 checksum:    37644 d780afdf19c341c6c3cc7095745b816a
    Size/MD5 checksum:   295274 44514b7d080c3ebf42136e6e9cb08f79

arm architecture (ARM)
    Size/MD5 checksum:    35172 afafb8a17cacd2eebe0c1f34ce4a19ed
    Size/MD5 checksum:   685494 27eb0011b60841a0e3e28e3988cec39b
    Size/MD5 checksum:   782486 21b876c4cd6b08fa57bc6841636c52a7
    Size/MD5 checksum:   246212 01e21f08d1ad33a21881f5a9d39f2cf1
    Size/MD5 checksum:   898974 71676ee73bee1530a4db8f5ce500312f

armel architecture (ARM EABI)
    Size/MD5 checksum:   907962 26de957cc9b4f46c620dae22ef41dd5d
    Size/MD5 checksum:   791576 23d808d4133ece9adc9635154a120099
    Size/MD5 checksum:   246716 87699a3f216f521f4f4f43846c0666d6
    Size/MD5 checksum:   692700 53ad0e171b17de90a5449841ef137c35
    Size/MD5 checksum:    34508 141c99e1b2257894fba7a4d9a5d1d1b1

hppa architecture (HP PA RISC)
    Size/MD5 checksum:    37620 9efff6376c156805b4d62cd7fb3e332a
    Size/MD5 checksum:   867368 23a3da9637ad6098b72f6db9ce75df29
    Size/MD5 checksum:   888948 7a19da4f1a82df3d8b73e4cb91b03418
    Size/MD5 checksum:   299222 51ff0803a6d43a2b74c93f094bac49e5
    Size/MD5 checksum:   931184 1fdc38b3b7964164b3570e9624e55ab4

i386 architecture (Intel ia32)
    Size/MD5 checksum:   698650 5ad8f30a41069977e7ccca7fefadb570
    Size/MD5 checksum:   265350 60afc77cb49462de733571e482f382e5
    Size/MD5 checksum:   814686 fd8b952b2874720e7100389a31304c59
    Size/MD5 checksum:   944018 d1ba99a57b122c10a6034bc83a1d67b2
    Size/MD5 checksum:    33792 b8d60b1ddb516e18e3ac61ddc193eb76

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  1144372 8583ec92c578ac683aad8ff72152b94b
    Size/MD5 checksum:   320072 8b43a5d5822218a7f9ca3b511b2716db
    Size/MD5 checksum:   926002 6a66ba9defdcb34f4fc342876e733de2
    Size/MD5 checksum:    48094 4d41b116318ea3aae2da591f23d22c52
    Size/MD5 checksum:  1150510 52a05539fce0e748057d24b3c997e2b4

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:    34202 49252fce1bf324705bc740ae1b820fa3
    Size/MD5 checksum:   998980 3d509c62961a29d451a6648fcec33532
    Size/MD5 checksum:   811724 ed7e05077455ad2c90e9a900823da0f1
    Size/MD5 checksum:   831574 02fab2fc9b79ffbf799c802f2f6dc49e
    Size/MD5 checksum:   258152 639973a57b46a4419f5d5f0717ccb5ee

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    34176 068fbd9ceb4b6d0232707e3f471f3c0c
    Size/MD5 checksum:   252608 c788547b91387dc325097d96d288abee
    Size/MD5 checksum:   975516 c11e341b7c028654eb4b81b393458ff1
    Size/MD5 checksum:   821792 8c027b694a20a55ca78431e4fc856e91
    Size/MD5 checksum:   809286 a35af5958b2aede1077c1a3ce0bcb204

powerpc architecture (PowerPC)
    Size/MD5 checksum:   285720 7015c9c368c1d752d54e15df9d075a43
    Size/MD5 checksum:   950416 e64bf35e8dcf5605274787e54e93b5e8
    Size/MD5 checksum:   834658 f5b6339e52c5e2bd4effcbbd1a711150
    Size/MD5 checksum:   789910 b02c1d8f170007a4a9d0b2e27ebbb5f8
    Size/MD5 checksum:    42048 63e5e8b5d101aedbc7f4607254919d30

s390 architecture (IBM S/390)
    Size/MD5 checksum:    38086 ae40946c4e649cee47bd9fc49dcbfc43
    Size/MD5 checksum:   762626 8a2f284489110517888404537b5953de
    Size/MD5 checksum:   854026 4af78786f69d6c1cc940af0a987e032b
    Size/MD5 checksum:   967838 e7694d2ac7bb121513c025a3061dab5d
    Size/MD5 checksum:   297650 d9ff3087bdd5044e1abab79452415405

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   803746 c1881041958779fa17ec25db7fdd8ef5
    Size/MD5 checksum:   727250 e04f246ad1c7cf824500dd061196d396
    Size/MD5 checksum:   278918 42ccaad60937c813e9a4ee4d9c0b7b44
    Size/MD5 checksum:   845174 8dce349048ecc7b8c629c4dcc105cf41
    Size/MD5 checksum:    36424 65928e2b85e17b98e969ef11be6003fd

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
MongoDB Patches Remote Denial-of-Service Vulnerability
DDoS Attack Against GitHub Continues After More Than Four Days
5 keys to hiring security talent
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.