-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:243 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml2 Date : November 29, 2010 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in libxml2: libxml2 before 2.7.8 reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document (CVE-2010-4008). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: cae85730aaa16e754195e18b2b128d48 2009.0/i586/libxml2_2-2.7.1-1.5mdv2009.0.i586.rpm f4edef0bd2539c874a4ee18dd3235495 2009.0/i586/libxml2-devel-2.7.1-1.5mdv2009.0.i586.rpm 592bbd5ad884cb7f15626d8ec00a945c 2009.0/i586/libxml2-python-2.7.1-1.5mdv2009.0.i586.rpm abfc530fe15542acf77e3abee46c5348 2009.0/i586/libxml2-utils-2.7.1-1.5mdv2009.0.i586.rpm 51bdedc951b8bbb6bbc3748c6a4b5f1f 2009.0/SRPMS/libxml2-2.7.1-1.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: aab2482cab13939e3d0ce93cfdd2d1b2 2009.0/x86_64/lib64xml2_2-2.7.1-1.5mdv2009.0.x86_64.rpm bac2084ecea5fd9459bd90f34f853045 2009.0/x86_64/lib64xml2-devel-2.7.1-1.5mdv2009.0.x86_64.rpm 418b6a3177323b782d9bb191f2d491e1 2009.0/x86_64/libxml2-python-2.7.1-1.5mdv2009.0.x86_64.rpm 69fd3a07ad8ac5a5eb44e2d1414104db 2009.0/x86_64/libxml2-utils-2.7.1-1.5mdv2009.0.x86_64.rpm 51bdedc951b8bbb6bbc3748c6a4b5f1f 2009.0/SRPMS/libxml2-2.7.1-1.5mdv2009.0.src.rpm Mandriva Linux 2010.0: fb5c9604e47d24e09ad712a649fcc35c 2010.0/i586/libxml2_2-2.7.6-1.1mdv2010.0.i586.rpm 6403c9bdaed960dbb3bcbe68666a52b7 2010.0/i586/libxml2-devel-2.7.6-1.1mdv2010.0.i586.rpm 586212f51e0791a0f2a38c7be5d9716a 2010.0/i586/libxml2-python-2.7.6-1.1mdv2010.0.i586.rpm 3be0dee356f402a507ad6b5d7a325a6d 2010.0/i586/libxml2-utils-2.7.6-1.1mdv2010.0.i586.rpm 145009255e759becf090ccbb7a222776 2010.0/SRPMS/libxml2-2.7.6-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: c63c714501a5b8ca2b9b6e9d5e937ddb 2010.0/x86_64/lib64xml2_2-2.7.6-1.1mdv2010.0.x86_64.rpm 657be2ee648752464520066023bd30ea 2010.0/x86_64/lib64xml2-devel-2.7.6-1.1mdv2010.0.x86_64.rpm 9d59d8f80191f2ed759de95958b4e0db 2010.0/x86_64/libxml2-python-2.7.6-1.1mdv2010.0.x86_64.rpm e2d0e7fdba10ad335bb9b58d0d8afb66 2010.0/x86_64/libxml2-utils-2.7.6-1.1mdv2010.0.x86_64.rpm 145009255e759becf090ccbb7a222776 2010.0/SRPMS/libxml2-2.7.6-1.1mdv2010.0.src.rpm Mandriva Linux 2010.1: e593d08acde951507fce73dbdf279b36 2010.1/i586/libxml2_2-2.7.7-1.1mdv2010.1.i586.rpm 53b338fe99b6824cb6edb16e3d388b51 2010.1/i586/libxml2-devel-2.7.7-1.1mdv2010.1.i586.rpm 139dacf78c8fb08030a5182784c112ec 2010.1/i586/libxml2-python-2.7.7-1.1mdv2010.1.i586.rpm 8dda64f49b49952502c50bf245ebf678 2010.1/i586/libxml2-utils-2.7.7-1.1mdv2010.1.i586.rpm 199d8b8af1f42c409b18e51731baf896 2010.1/SRPMS/libxml2-2.7.7-1.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 75633f5ec4ef9eebdac70a9ecaab2449 2010.1/x86_64/lib64xml2_2-2.7.7-1.1mdv2010.1.x86_64.rpm e452646c112108d11d29a4ba78fba487 2010.1/x86_64/lib64xml2-devel-2.7.7-1.1mdv2010.1.x86_64.rpm 688e113fc36a3d51ee099e0e2ecaa28a 2010.1/x86_64/libxml2-python-2.7.7-1.1mdv2010.1.x86_64.rpm 493d57c4ec894516f11b69015b31ef5a 2010.1/x86_64/libxml2-utils-2.7.7-1.1mdv2010.1.x86_64.rpm 199d8b8af1f42c409b18e51731baf896 2010.1/SRPMS/libxml2-2.7.7-1.1mdv2010.1.src.rpm Corporate 4.0: 0c4e8b2ac2a276d280b66b6fa8551450 corporate/4.0/i586/libxml2-2.6.21-3.7.20060mlcs4.i586.rpm 53ccb20aea237421519e86d717a65369 corporate/4.0/i586/libxml2-devel-2.6.21-3.7.20060mlcs4.i586.rpm d08ff4980c6aca39516d1e726fbb974c corporate/4.0/i586/libxml2-python-2.6.21-3.7.20060mlcs4.i586.rpm fb30f123c27a29bd1efe793cfc257f90 corporate/4.0/i586/libxml2-utils-2.6.21-3.7.20060mlcs4.i586.rpm 46e9c8c019741553dd345a4d4487eb49 corporate/4.0/SRPMS/libxml2-2.6.21-3.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 92bc21ac3d7d357222b563fcb324b3c3 corporate/4.0/x86_64/lib64xml2-2.6.21-3.7.20060mlcs4.x86_64.rpm eb0624c01c1c4d3252ddeaf8163134eb corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.7.20060mlcs4.x86_64.rpm 80b58173e21e7f9e57b88082eccbefdc corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.7.20060mlcs4.x86_64.rpm 5b7d80b623a1dc07e5dd319919a11fbc corporate/4.0/x86_64/libxml2-utils-2.6.21-3.7.20060mlcs4.x86_64.rpm 46e9c8c019741553dd345a4d4487eb49 corporate/4.0/SRPMS/libxml2-2.6.21-3.7.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 4bc323f7bc1dab4927a7e8c4838ccc20 mes5/i586/libxml2_2-2.7.1-1.5mdvmes5.1.i586.rpm 5a1d23b817beb1fe3f2e939b0d2909ad mes5/i586/libxml2-devel-2.7.1-1.5mdvmes5.1.i586.rpm f53fd718b6f6e8e0e30b01aeb12b2f47 mes5/i586/libxml2-python-2.7.1-1.5mdvmes5.1.i586.rpm 717dc7dee73859eb65f68195fa4f80bc mes5/i586/libxml2-utils-2.7.1-1.5mdvmes5.1.i586.rpm 5fbf33c05587c8d4f1708737d52ffd58 mes5/SRPMS/libxml2-2.7.1-1.5mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 06e99ea43205f25da07f39ea5fcc9233 mes5/x86_64/lib64xml2_2-2.7.1-1.5mdvmes5.1.x86_64.rpm 3ee19da3eebf29286a0543da82ba3707 mes5/x86_64/lib64xml2-devel-2.7.1-1.5mdvmes5.1.x86_64.rpm 5f1d18dc754447947dd88a1b1cd7ab1d mes5/x86_64/libxml2-python-2.7.1-1.5mdvmes5.1.x86_64.rpm ef5f8b03f8006957af1c289aa61600e1 mes5/x86_64/libxml2-utils-2.7.1-1.5mdvmes5.1.x86_64.rpm 5fbf33c05587c8d4f1708737d52ffd58 mes5/SRPMS/libxml2-2.7.1-1.5mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM87BcmqjQ0CJFipgRAhtLAKDShPCQ/Gsm7qBzvcTZaIdAyTL0wQCfc7vl ViUDiKySUb6P7eFnOzt8Eg8= =8Sf0 -----END PGP SIGNATURE-----