LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:176: libxml2 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability was found and corrected in libxml2: A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:176
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : December 2, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found and corrected in libxml2:
 
 A heap-buffer overflow was found in the way libxml2 decoded certain
 XML entitites. A remote attacker could provide a specially-crafted
 XML file, which once opened in an application linked against libxml
 would cause that application to crash, or, potentially, execute
 arbitrary code with the privileges of the user running the application
 (CVE-2012-5134).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 b77de360ca61239e7b28f0ecc046a8df  2011/i586/libxml2_2-2.7.8-6.8-mdv2011.0.i586.rpm
 e7242a7bb8c253caed9a1e31dc13a91f  2011/i586/libxml2-devel-2.7.8-6.8-mdv2011.0.i586.rpm
 9cd0fd59447fac1f0e3a8fdf953a3d38  2011/i586/libxml2-python-2.7.8-6.8-mdv2011.0.i586.rpm
 9004f9264ec86f2f8ec402e7782fe079  2011/i586/libxml2-utils-2.7.8-6.8-mdv2011.0.i586.rpm 
 e164bcea2d67fc4f565b78b40d6ffdd7  2011/SRPMS/libxml2-2.7.8-6.8.src.rpm

 Mandriva Linux 2011/X86_64:
 3f04ec8d2e1a85598b17237f8a2ac9b8  2011/x86_64/lib64xml2_2-2.7.8-6.8-mdv2011.0.x86_64.rpm
 0fa0d04eef390f3f99310294c5464c66  2011/x86_64/lib64xml2-devel-2.7.8-6.8-mdv2011.0.x86_64.rpm
 624573d764b618c19cb24071e1b9b3d1  2011/x86_64/libxml2-python-2.7.8-6.8-mdv2011.0.x86_64.rpm
 d654460ab7a2556d14aeb7df74fd0eee  2011/x86_64/libxml2-utils-2.7.8-6.8-mdv2011.0.x86_64.rpm 
 e164bcea2d67fc4f565b78b40d6ffdd7  2011/SRPMS/libxml2-2.7.8-6.8.src.rpm

 Mandriva Enterprise Server 5:
 cf6c7e82a296e5e05aea67a4c163326d  mes5/i586/libxml2_2-2.7.1-1.14mdvmes5.2.i586.rpm
 9faf040efb0aa5ca173b25c52ff92a93  mes5/i586/libxml2-devel-2.7.1-1.14mdvmes5.2.i586.rpm
 06cd79c7ab5a8217b3dbe8b50a542ab6  mes5/i586/libxml2-python-2.7.1-1.14mdvmes5.2.i586.rpm
 7304980efce76b79cf9d81e8d03b6271  mes5/i586/libxml2-utils-2.7.1-1.14mdvmes5.2.i586.rpm 
 6917e3c972fa5e115766c7c8395a47e6  mes5/SRPMS/libxml2-2.7.1-1.14mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 63463113fd1d520b864e96429ab2c79a  mes5/x86_64/lib64xml2_2-2.7.1-1.14mdvmes5.2.x86_64.rpm
 7990c8354872ac1559040a64436fca79  mes5/x86_64/lib64xml2-devel-2.7.1-1.14mdvmes5.2.x86_64.rpm
 46f79f00ea4d2d1fbf130ef30c6bb93b  mes5/x86_64/libxml2-python-2.7.1-1.14mdvmes5.2.x86_64.rpm
 6b8aa5a433ed9ecad1b5a2bc8972b93f  mes5/x86_64/libxml2-utils-2.7.1-1.14mdvmes5.2.x86_64.rpm 
 6917e3c972fa5e115766c7c8395a47e6  mes5/SRPMS/libxml2-2.7.1-1.14mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.