MDKSA-2004:127 - Updated libxml and libxml2 packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libxml/libxml2
Advisory ID: MDKSA-2004:127
Date: November 4th, 2004
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Multiple buffer overflows were reported in the libxml XML parsing
library. These vulnerabilities may allow remote attackers to execute
arbitrary code via a long FTP URL that is not properly handled by the
xmlNanoFTPScanURL() function, a long proxy URL containing FTP data
that is not properly handled by the xmlNanoFTPScanProxy() function,
and other overflows in the code that resolves names via DNS.
The updated packages have been patched to prevent these issues.
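Added example (not part of the advisory and not libxml's source): a bounded FTP URL scanner showing the length check whose absence produces the class of overflow described above. The names scan_ftp_url, copy_component, struct ftp_url and the HOST_MAX / PATH_LEN_MAX limits are hypothetical and chosen for this illustration.

```c
#include <string.h>

#define HOST_MAX 256        /* assumed limits for this example */
#define PATH_LEN_MAX 1024

struct ftp_url { char host[HOST_MAX]; int port; char path[PATH_LEN_MAX]; };

/* Copy bytes from *cur into dst until a stop character or NUL is reached.
 * Returns 0 on success, -1 if the component does not fit in dstsz.
 * The same loop without the size check (dst[i++] = *cur++ only) is the
 * pattern that lets an overlong URL write past a fixed-size buffer. */
static int copy_component(const char **cur, const char *stops,
                          char *dst, size_t dstsz)
{
    size_t i = 0;
    while (**cur != '\0' && strchr(stops, **cur) == NULL) {
        if (i + 1 >= dstsz)          /* keep room for the terminator */
            return -1;
        dst[i++] = *(*cur)++;
    }
    dst[i] = '\0';
    return 0;
}

/* Parse ftp://host[:port][/path]; 0 on success, -1 if rejected. */
int scan_ftp_url(const char *url, struct ftp_url *out)
{
    const char *cur = url;
    if (url == NULL || out == NULL || strncmp(cur, "ftp://", 6) != 0)
        return -1;
    cur += 6;
    memset(out, 0, sizeof(*out));
    out->port = 21;                  /* default FTP control port */
    if (copy_component(&cur, ":/", out->host, sizeof(out->host)) != 0
        || out->host[0] == '\0')
        return -1;
    if (*cur == ':') {
        long port = 0; int digits = 0;
        for (cur++; *cur >= '0' && *cur <= '9'; cur++, digits++) {
            port = port * 10 + (*cur - '0');
            if (port > 65535) return -1;   /* also stops integer overflow */
        }
        if (digits == 0 || port == 0) return -1;
        out->port = (int)port;
    }
    if (*cur != '\0' && *cur != '/') return -1;
    return copy_component(&cur, "", out->path, sizeof(out->path));
}
```

An overlong host or path is rejected outright instead of being truncated, so a caller never acts on a partially parsed URL.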
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
7419757d6dac2c319d3a488f0b6a91c8 10.0/RPMS/libxml1-1.8.17-6.1.100mdk.i586.rpm
d40f75aa7557169d865732b0b8edb525
10.0/RPMS/libxml1-devel-1.8.17-6.1.100mdk.i586.rpm
66dbbf660a64af3624044f56c86ed50d 10.0/RPMS/libxml2-2.6.6-1.1.100mdk.i586.rpm
b7913822ad7bbb14c9cbc2f415563bf9
10.0/RPMS/libxml2-devel-2.6.6-1.1.100mdk.i586.rpm
61184cf07497236d7b105754eb05c697
10.0/RPMS/libxml2-python-2.6.6-1.1.100mdk.i586.rpm
59cd56d41cdb1039874a673ae3791ef7
10.0/RPMS/libxml2-utils-2.6.6-1.1.100mdk.i586.rpm
9c5781c68ad92993881e8acc01c7309f 10.0/SRPMS/libxml-1.8.17-6.1.100mdk.src.rpm
9c9be888864046dbda69be1ca4a58a2a 10.0/SRPMS/libxml2-2.6.6-1.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
683fcffa9607a750c8312d1c1d6ddc65
amd64/10.0/RPMS/lib64xml1-1.8.17-6.1.100mdk.amd64.rpm
253692d726628da01f7f8024a96ad436
amd64/10.0/RPMS/lib64xml1-devel-1.8.17-6.1.100mdk.amd64.rpm
98ab2e2dfabc30de2d0f59e3b3424c41
amd64/10.0/RPMS/lib64xml2-2.6.6-1.1.100mdk.amd64.rpm
c664e1217977155d96d816b3256e8d8e
amd64/10.0/RPMS/lib64xml2-devel-2.6.6-1.1.100mdk.amd64.rpm
aca60f6e140a046829736c990fba6143
amd64/10.0/RPMS/lib64xml2-python-2.6.6-1.1.100mdk.amd64.rpm
86c957fe4934ffee9898a0c7ba3de5ab
amd64/10.0/RPMS/libxml2-utils-2.6.6-1.1.100mdk.amd64.rpm
9c5781c68ad92993881e8acc01c7309f
amd64/10.0/SRPMS/libxml-1.8.17-6.1.100mdk.src.rpm
9c9be888864046dbda69be1ca4a58a2a
amd64/10.0/SRPMS/libxml2-2.6.6-1.1.100mdk.src.rpm
Mandrakelinux 10.1:
98fd4f0fa913e362dacb950c0540be8b 10.1/RPMS/libxml1-1.8.17-7.1.101mdk.i586.rpm
f24c6ab2bb6d9899442ba35f3f91c7dd
10.1/RPMS/libxml1-devel-1.8.17-7.1.101mdk.i586.rpm
800dfc3e063ff10c043c17ee8dc4f49f 10.1/RPMS/libxml2-2.6.13-1.1.101mdk.i586.rpm
87878f97cd6652730c00eb611d8ec7af
10.1/RPMS/libxml2-devel-2.6.13-1.1.101mdk.i586.rpm
fd89cbe73c2370cd57c6b3302b850886
10.1/RPMS/libxml2-python-2.6.13-1.1.101mdk.i586.rpm
63ecb7675502f5955fdb72d2e222830f
10.1/RPMS/libxml2-utils-2.6.13-1.1.101mdk.i586.rpm
da1f3b2a5cceb46f30d423616d226882 10.1/SRPMS/libxml-1.8.17-7.1.101mdk.src.rpm
5552da4d362b3a27243dc98ab6c1c0d9 10.1/SRPMS/libxml2-2.6.13-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
d848c1c1233190864346d689b9512aaa
x86_64/10.1/RPMS/lib64xml1-1.8.17-7.1.101mdk.x86_64.rpm
37be7e8d34fca17695ae9cb16a3c7a77
x86_64/10.1/RPMS/lib64xml1-devel-1.8.17-7.1.101mdk.x86_64.rpm
a5d1c7bf22f556f353f395ff43cfd793
x86_64/10.1/RPMS/lib64xml2-2.6.13-1.1.101mdk.x86_64.rpm
109819157cfd2b5c43e27d4c6b535002
x86_64/10.1/RPMS/lib64xml2-devel-2.6.13-1.1.101mdk.x86_64.rpm
da50fee3f309d9a64f1e02dd004d3565
x86_64/10.1/RPMS/lib64xml2-python-2.6.13-1.1.101mdk.x86_64.rpm
5f9df318943285a2cd2656481709c816
x86_64/10.1/RPMS/libxml2-utils-2.6.13-1.1.101mdk.x86_64.rpm
da1f3b2a5cceb46f30d423616d226882
x86_64/10.1/SRPMS/libxml-1.8.17-7.1.101mdk.src.rpm
5552da4d362b3a27243dc98ab6c1c0d9
x86_64/10.1/SRPMS/libxml2-2.6.13-1.1.101mdk.src.rpm
Corporate Server 2.1:
7ee991da9ebdd0db1c630e5f7f7a2e68
corporate/2.1/RPMS/libxml-1.8.17-3.1.C21mdk.i586.rpm
995d648bf56c15b1e38a8377ac8bee93
corporate/2.1/RPMS/libxml-devel-1.8.17-3.1.C21mdk.i586.rpm
0fb75fe4af5b62adb91475e5b666aa6a
corporate/2.1/SRPMS/libxml-1.8.17-3.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
e061926904a3642490d518fb75924243
x86_64/corporate/2.1/RPMS/libxml-1.8.17-3.1.C21mdk.x86_64.rpm
f55c0b08b97d70ad492ccfc564cbdd27
x86_64/corporate/2.1/RPMS/libxml-devel-1.8.17-3.1.C21mdk.x86_64.rpm
0fb75fe4af5b62adb91475e5b666aa6a
x86_64/corporate/2.1/SRPMS/libxml-1.8.17-3.1.C21mdk.src.rpm
Mandrakelinux 9.2:
72d13d93c1858448f0bb2ec0288a9d25 9.2/RPMS/libxml1-1.8.17-5.1.92mdk.i586.rpm
ab7a59085d367027677ef6609e6348a0
9.2/RPMS/libxml1-devel-1.8.17-5.1.92mdk.i586.rpm
43142581482c83f203077245b6bb0c70 9.2/RPMS/libxml2-2.5.11-1.3.92mdk.i586.rpm
6ca792aff2e4abbcae971b482419012c
9.2/RPMS/libxml2-devel-2.5.11-1.3.92mdk.i586.rpm
67c76fe7afc7ca26c0b045b5085f6f3c
9.2/RPMS/libxml2-python-2.5.11-1.3.92mdk.i586.rpm
307841352f18a276c0c8253cd43c5929
9.2/RPMS/libxml2-utils-2.5.11-1.3.92mdk.i586.rpm
7e002b307e83de3a2a71de8b569b145f 9.2/SRPMS/libxml-1.8.17-5.1.92mdk.src.rpm
23300b109e69d4e898a730bc2255189e 9.2/SRPMS/libxml2-2.5.11-1.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
84f5e4ec24350c0a49183f2440ac6a65
amd64/9.2/RPMS/lib64xml1-1.8.17-5.1.92mdk.amd64.rpm
c53ab1e8ef8ae81fa9288bd202667934
amd64/9.2/RPMS/lib64xml1-devel-1.8.17-5.1.92mdk.amd64.rpm
1d440ef17ecd3d0fb464fe5e99f370ca
amd64/9.2/RPMS/lib64xml2-2.5.11-1.3.92mdk.amd64.rpm
57532e5ed444a97b5ab1ff79a6b3b611
amd64/9.2/RPMS/lib64xml2-devel-2.5.11-1.3.92mdk.amd64.rpm
dcd8a5348c6cdf77f1895517e70f4d21
amd64/9.2/RPMS/lib64xml2-python-2.5.11-1.3.92mdk.amd64.rpm
da8d39dd584708f248dd5d2997f462f2
amd64/9.2/RPMS/libxml2-utils-2.5.11-1.3.92mdk.amd64.rpm
7e002b307e83de3a2a71de8b569b145f
amd64/9.2/SRPMS/libxml-1.8.17-5.1.92mdk.src.rpm
23300b109e69d4e898a730bc2255189e
amd64/9.2/SRPMS/libxml2-2.5.11-1.3.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBisuLmqjQ0CJFipgRAhV5AJ4076CTq+/xzDivWvzwFS1OsKquKACgrWoE
z/faJYEpShdwHAEqdkrPMAo=
=cF7Q
-----END PGP SIGNATURE-----