-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:010 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml2 Date : January 11, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6284 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 77dacb3f7ceed6b154d13b2230993f6a 2007.0/i586/libxml2-2.6.26-2.1mdv2007.0.i586.rpm b65bd8c95b4cb202ad9c6ee0b0bd240a 2007.0/i586/libxml2-devel-2.6.26-2.1mdv2007.0.i586.rpm 783aa1a2d3e7e8f7e1d97a656606e1c0 2007.0/i586/libxml2-python-2.6.26-2.1mdv2007.0.i586.rpm fc8a74a258531db13fa948d95f4c2b0f 2007.0/i586/libxml2-utils-2.6.26-2.1mdv2007.0.i586.rpm 213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 39239bd612197276042a12756b12f25a 2007.0/x86_64/lib64xml2-2.6.26-2.1mdv2007.0.x86_64.rpm 8559d17572b7ecf59c322fd5e24a32ac 2007.0/x86_64/lib64xml2-devel-2.6.26-2.1mdv2007.0.x86_64.rpm 9be60ad740a273022ba6f0ac63242d4e 2007.0/x86_64/lib64xml2-python-2.6.26-2.1mdv2007.0.x86_64.rpm 6d455daad1c6043033535790f6891a03 2007.0/x86_64/libxml2-utils-2.6.26-2.1mdv2007.0.x86_64.rpm 213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 39a6f6fd2ebed09f57fb448d5608254d 2007.1/i586/libxml2-2.6.27-3.1mdv2007.1.i586.rpm 85dd4f3000b2d7a1b3ec6d7c0a839481 2007.1/i586/libxml2-devel-2.6.27-3.1mdv2007.1.i586.rpm 04d59c5ceb87225b3da6b31a76c6e5a2 2007.1/i586/libxml2-python-2.6.27-3.1mdv2007.1.i586.rpm 87814c987e3c1f58c722a3ea3a8e310c 2007.1/i586/libxml2-utils-2.6.27-3.1mdv2007.1.i586.rpm fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fe616f34b82ffd18e15e34c33efbac7a 2007.1/x86_64/lib64xml2-2.6.27-3.1mdv2007.1.x86_64.rpm 77b4273b2b847dc93430288b313effe1 2007.1/x86_64/lib64xml2-devel-2.6.27-3.1mdv2007.1.x86_64.rpm 7256a9e600ba1ccffe8263b7ca79ca9f 2007.1/x86_64/lib64xml2-python-2.6.27-3.1mdv2007.1.x86_64.rpm ba8ef3136d30fc8df4ab560eb6ed8d07 2007.1/x86_64/libxml2-utils-2.6.27-3.1mdv2007.1.x86_64.rpm fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 3c20ada83e676e7746b79f1a31727dbc 2008.0/i586/libxml2-devel-2.6.30-1.1mdv2008.0.i586.rpm 6d48ec5ab06b9c9da52f09ac30dc9c80 2008.0/i586/libxml2-python-2.6.30-1.1mdv2008.0.i586.rpm ab3b8931c36ab441c50bd807c7c1f178 2008.0/i586/libxml2-utils-2.6.30-1.1mdv2008.0.i586.rpm e830e8a3ff3be74baca3b6d6e08048db 2008.0/i586/libxml2_2-2.6.30-1.1mdv2008.0.i586.rpm 95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b906a3f182b4c263e6866469b7830d37 2008.0/x86_64/lib64xml2-devel-2.6.30-1.1mdv2008.0.x86_64.rpm 938706227bb990215af729038959499e 2008.0/x86_64/lib64xml2_2-2.6.30-1.1mdv2008.0.x86_64.rpm dc73b6975441524b039e168e471d4a4a 2008.0/x86_64/libxml2-python-2.6.30-1.1mdv2008.0.x86_64.rpm 0388308a1a1bc7286112023204048c30 2008.0/x86_64/libxml2-utils-2.6.30-1.1mdv2008.0.x86_64.rpm 95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm Corporate 3.0: 0922b67b2e1f8731f72e4ca3b5585d92 corporate/3.0/i586/libxml2-2.6.6-1.2.C30mdk.i586.rpm dda560864d31455db52e8f00dc2aa43f corporate/3.0/i586/libxml2-devel-2.6.6-1.2.C30mdk.i586.rpm e6f5fd59e95a74c09cdd57deed498c9a corporate/3.0/i586/libxml2-python-2.6.6-1.2.C30mdk.i586.rpm 7dac1af99fa5eda79e8b9d471d86c55d corporate/3.0/i586/libxml2-utils-2.6.6-1.2.C30mdk.i586.rpm 56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm Corporate 3.0/X86_64: 186a08bf1f0110bfaa5bd884934b2fac corporate/3.0/x86_64/lib64xml2-2.6.6-1.2.C30mdk.x86_64.rpm 05cf4c50a781c706c020854971160934 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.2.C30mdk.x86_64.rpm b636186a1473f4a45fecc396e9cd5be4 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.2.C30mdk.x86_64.rpm ba733e52ff5a7bf0662d6ad4cf4f4db5 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.2.C30mdk.x86_64.rpm 56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm Corporate 4.0: a9dfe938313ea3d1a8d7eabe81109e82 corporate/4.0/i586/libxml2-2.6.21-3.1.20060mlcs4.i586.rpm 81242f717837d167804a74c133aca257 corporate/4.0/i586/libxml2-devel-2.6.21-3.1.20060mlcs4.i586.rpm 4f72201469336da9fba2b2a2237f454d corporate/4.0/i586/libxml2-python-2.6.21-3.1.20060mlcs4.i586.rpm b50e445cab3dfb2eef5d6870fcb0e389 corporate/4.0/i586/libxml2-utils-2.6.21-3.1.20060mlcs4.i586.rpm b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 1e842a7e72843912858d308ae9d1e15b corporate/4.0/x86_64/lib64xml2-2.6.21-3.1.20060mlcs4.x86_64.rpm d129d0911beee47ebfc84d635825c907 corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.1.20060mlcs4.x86_64.rpm 6e74fb611a915fe3ee14e4425257e1e8 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.1.20060mlcs4.x86_64.rpm cafcc6d6ccbe9fb2ea58051de8261d2d corporate/4.0/x86_64/libxml2-utils-2.6.21-3.1.20060mlcs4.x86_64.rpm b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHh+bFmqjQ0CJFipgRArjjAKDLhZbdha52orVNoyDU7FdnBVJHPwCgkYJa kwbUo0ByhybOZevM9pHc078= =CeNP -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/