From: Luciano Bello <luciano <at> debian.org>
Subject: [DSA 2394-1] libxml2 security update
Newsgroups: gmane.linux.debian.user.security.announce
Date: Thursday 26th January 2012 22:46:37 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2394-1                   [email protected]
http://www.debian.org/security/                             Luciano Bello
January 27, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libxml2
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0216 CVE-2011-2821 CVE-2011-2834 CVE-2011-3905 
                 CVE-2011-3919 
Debian Bug     : 652352 643648 656377

Many security problems have been fixed in libxml2, a popular library to handle
XML data files.

CVE-2011-3919:
Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers
to cause a denial of service or possibly have unspecified other impact via
unknown vectors.

CVE-2011-0216:
An off-by-one error has been discovered that allows remote attackers to
execute arbitrary code or cause a denial of service.

CVE-2011-2821:
A memory corruption (double free) bug has been identified in libxml2's XPath
engine. Through it, an attacker can cause a denial of service or possibly
have unspecified other impact. This vulnerability does not affect the
oldstable distribution (lenny).

CVE-2011-2834:
Yang Dingning discovered a double free vulnerability related to XPath handling.

CVE-2011-3905:
An out-of-bounds read vulnerability has been discovered, which allows remote
attackers to cause a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in
version 2.7.8.dfsg-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.8.dfsg-7.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8h1n8ACgkQQWTRs4lLtHnXgACfV+dXC4Yc/aNb5udhKMYsEryT
mXAAoLetgUJRnDACae5LC9qnegUiNHRt
=j/Is
-----END PGP SIGNATURE-----