Mandriva Linux Security Advisory 2012-098 - An Off-by-one error in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct this issue.
92164d666f63cc7c78be961e77d166e66cfe2c8d03992309cf257dcce674abd7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:098
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : June 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in libxml2:
An Off-by-one error in libxml2 allows remote attackers to cause a
denial of service (out-of-bounds write) or possibly have unspecified
other impact via unknown vectors (CVE-2011-3102).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
c0461d223d25e8a2857c64953b2b4bbb 2010.1/i586/libxml2_2-2.7.7-1.8mdv2010.2.i586.rpm
7706b1ef1bf98997275d907f00115d40 2010.1/i586/libxml2-devel-2.7.7-1.8mdv2010.2.i586.rpm
ac3a4580937dfc0bea6a8b5a4440d3d7 2010.1/i586/libxml2-python-2.7.7-1.8mdv2010.2.i586.rpm
2543421fd9a764712956d9ec7cc29735 2010.1/i586/libxml2-utils-2.7.7-1.8mdv2010.2.i586.rpm
7b5cc8f7d4307694f994b4841298001a 2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
be969eb2120f0ce934b4a3e439eeef9e 2010.1/x86_64/lib64xml2_2-2.7.7-1.8mdv2010.2.x86_64.rpm
b157a2a25300a94f43d9519f65b34fc5 2010.1/x86_64/lib64xml2-devel-2.7.7-1.8mdv2010.2.x86_64.rpm
c3e4d81eb93b56c97c3fc4a4de9898d1 2010.1/x86_64/libxml2-python-2.7.7-1.8mdv2010.2.x86_64.rpm
34ccac69c45a74aca6dc3b5ddbca3897 2010.1/x86_64/libxml2-utils-2.7.7-1.8mdv2010.2.x86_64.rpm
7b5cc8f7d4307694f994b4841298001a 2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm
Mandriva Linux 2011:
fa3e1afaa06313e8e637e0e1bd8dc034 2011/i586/libxml2_2-2.7.8-6.6-mdv2011.0.i586.rpm
f9bf3505ce7dfdc2ea26bb5a3ead5a2b 2011/i586/libxml2-devel-2.7.8-6.6-mdv2011.0.i586.rpm
793a7f2e79156fd24256720972e00ae4 2011/i586/libxml2-python-2.7.8-6.6-mdv2011.0.i586.rpm
629e9ce8da67bd42d0b75c7a1d971598 2011/i586/libxml2-utils-2.7.8-6.6-mdv2011.0.i586.rpm
26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm
Mandriva Linux 2011/X86_64:
64f1f52da84a5bac34f4480f2243335d 2011/x86_64/lib64xml2_2-2.7.8-6.6-mdv2011.0.x86_64.rpm
f54abb23118e2a84b7294a94a9de9fec 2011/x86_64/lib64xml2-devel-2.7.8-6.6-mdv2011.0.x86_64.rpm
35f8648d5135a7ad82290658449e4419 2011/x86_64/libxml2-python-2.7.8-6.6-mdv2011.0.x86_64.rpm
f1b999261ab2ddbc75e39edf574682e0 2011/x86_64/libxml2-utils-2.7.8-6.6-mdv2011.0.x86_64.rpm
26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm
Mandriva Enterprise Server 5:
e8f78cba230875f00cc66e38a5d073ab mes5/i586/libxml2_2-2.7.1-1.12mdvmes5.2.i586.rpm
8a05a37e788390d5bdf7c7d06bdb3d45 mes5/i586/libxml2-devel-2.7.1-1.12mdvmes5.2.i586.rpm
85aa790648a830200b25cd7d3c560f9b mes5/i586/libxml2-python-2.7.1-1.12mdvmes5.2.i586.rpm
dd17b0e4dfad86cf598c8296053f70e1 mes5/i586/libxml2-utils-2.7.1-1.12mdvmes5.2.i586.rpm
5095525663e34a9c6e7b8bdae763be58 mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
7dc33151c191a90e7b5a7b26ee3e6335 mes5/x86_64/lib64xml2_2-2.7.1-1.12mdvmes5.2.x86_64.rpm
efd29140bba4ca35237798f6f14b3ac1 mes5/x86_64/lib64xml2-devel-2.7.1-1.12mdvmes5.2.x86_64.rpm
8d081103c58c000c3f7803911ce122a0 mes5/x86_64/libxml2-python-2.7.1-1.12mdvmes5.2.x86_64.rpm
6efed51b1b6a05f7fa2f864d17b12bc5 mes5/x86_64/libxml2-utils-2.7.1-1.12mdvmes5.2.x86_64.rpm
5095525663e34a9c6e7b8bdae763be58 mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP4tCUmqjQ0CJFipgRAo9rAKC4sIZw21Mn38SOsU0jPtmiXCSm4QCeJFz8
+WSFZ3W+HdBn8JaKKGRLGAc=
=dP6J
-----END PGP SIGNATURE-----