-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:098 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml2 Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in libxml2: An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: c0461d223d25e8a2857c64953b2b4bbb 2010.1/i586/libxml2_2-2.7.7-1.8mdv2010.2.i586.rpm 7706b1ef1bf98997275d907f00115d40 2010.1/i586/libxml2-devel-2.7.7-1.8mdv2010.2.i586.rpm ac3a4580937dfc0bea6a8b5a4440d3d7 2010.1/i586/libxml2-python-2.7.7-1.8mdv2010.2.i586.rpm 2543421fd9a764712956d9ec7cc29735 2010.1/i586/libxml2-utils-2.7.7-1.8mdv2010.2.i586.rpm 7b5cc8f7d4307694f994b4841298001a 2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: be969eb2120f0ce934b4a3e439eeef9e 2010.1/x86_64/lib64xml2_2-2.7.7-1.8mdv2010.2.x86_64.rpm b157a2a25300a94f43d9519f65b34fc5 2010.1/x86_64/lib64xml2-devel-2.7.7-1.8mdv2010.2.x86_64.rpm c3e4d81eb93b56c97c3fc4a4de9898d1 2010.1/x86_64/libxml2-python-2.7.7-1.8mdv2010.2.x86_64.rpm 34ccac69c45a74aca6dc3b5ddbca3897 2010.1/x86_64/libxml2-utils-2.7.7-1.8mdv2010.2.x86_64.rpm 7b5cc8f7d4307694f994b4841298001a 2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm Mandriva Linux 2011: fa3e1afaa06313e8e637e0e1bd8dc034 2011/i586/libxml2_2-2.7.8-6.6-mdv2011.0.i586.rpm f9bf3505ce7dfdc2ea26bb5a3ead5a2b 2011/i586/libxml2-devel-2.7.8-6.6-mdv2011.0.i586.rpm 793a7f2e79156fd24256720972e00ae4 2011/i586/libxml2-python-2.7.8-6.6-mdv2011.0.i586.rpm 629e9ce8da67bd42d0b75c7a1d971598 2011/i586/libxml2-utils-2.7.8-6.6-mdv2011.0.i586.rpm 26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm Mandriva Linux 2011/X86_64: 64f1f52da84a5bac34f4480f2243335d 2011/x86_64/lib64xml2_2-2.7.8-6.6-mdv2011.0.x86_64.rpm f54abb23118e2a84b7294a94a9de9fec 2011/x86_64/lib64xml2-devel-2.7.8-6.6-mdv2011.0.x86_64.rpm 35f8648d5135a7ad82290658449e4419 2011/x86_64/libxml2-python-2.7.8-6.6-mdv2011.0.x86_64.rpm f1b999261ab2ddbc75e39edf574682e0 2011/x86_64/libxml2-utils-2.7.8-6.6-mdv2011.0.x86_64.rpm 26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm Mandriva Enterprise Server 5: e8f78cba230875f00cc66e38a5d073ab mes5/i586/libxml2_2-2.7.1-1.12mdvmes5.2.i586.rpm 8a05a37e788390d5bdf7c7d06bdb3d45 mes5/i586/libxml2-devel-2.7.1-1.12mdvmes5.2.i586.rpm 85aa790648a830200b25cd7d3c560f9b mes5/i586/libxml2-python-2.7.1-1.12mdvmes5.2.i586.rpm dd17b0e4dfad86cf598c8296053f70e1 mes5/i586/libxml2-utils-2.7.1-1.12mdvmes5.2.i586.rpm 5095525663e34a9c6e7b8bdae763be58 mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 7dc33151c191a90e7b5a7b26ee3e6335 mes5/x86_64/lib64xml2_2-2.7.1-1.12mdvmes5.2.x86_64.rpm efd29140bba4ca35237798f6f14b3ac1 mes5/x86_64/lib64xml2-devel-2.7.1-1.12mdvmes5.2.x86_64.rpm 8d081103c58c000c3f7803911ce122a0 mes5/x86_64/libxml2-python-2.7.1-1.12mdvmes5.2.x86_64.rpm 6efed51b1b6a05f7fa2f864d17b12bc5 mes5/x86_64/libxml2-utils-2.7.1-1.12mdvmes5.2.x86_64.rpm 5095525663e34a9c6e7b8bdae763be58 mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFP4tCUmqjQ0CJFipgRAo9rAKC4sIZw21Mn38SOsU0jPtmiXCSm4QCeJFz8 +WSFZ3W+HdBn8JaKKGRLGAc= =dP6J -----END PGP SIGNATURE-----