-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:260 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml2 Date : December 29, 2010 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in libxml2: A double free vulnerability in libxml2 (xpath.c) allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling (CVE-2010-4494). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 96c73cd0275bf62c4f55f8b3ced65276 2009.0/i586/libxml2_2-2.7.1-1.6mdv2009.0.i586.rpm d18337679504219933df364ff99654d1 2009.0/i586/libxml2-devel-2.7.1-1.6mdv2009.0.i586.rpm 0b19bed229abf10f37a0c8e53a78a17c 2009.0/i586/libxml2-python-2.7.1-1.6mdv2009.0.i586.rpm 6bf08a04ea7043f45701995a28a37e59 2009.0/i586/libxml2-utils-2.7.1-1.6mdv2009.0.i586.rpm a025dd5329b18e0709d9085069345792 2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: c024c8111a6d49dd066f770e70985f0f 2009.0/x86_64/lib64xml2_2-2.7.1-1.6mdv2009.0.x86_64.rpm b97952e8024f2de6a527170169d78950 2009.0/x86_64/lib64xml2-devel-2.7.1-1.6mdv2009.0.x86_64.rpm f9b44c5075667a92b63efbc37c3ab6d9 2009.0/x86_64/libxml2-python-2.7.1-1.6mdv2009.0.x86_64.rpm 307af2c16cc1f8e2a8f33add4d9359e8 2009.0/x86_64/libxml2-utils-2.7.1-1.6mdv2009.0.x86_64.rpm a025dd5329b18e0709d9085069345792 2009.0/SRPMS/libxml2-2.7.1-1.6mdv2009.0.src.rpm Mandriva Linux 2010.0: fb23076b91a89a6c30dfe0a13c60a3a0 2010.0/i586/libxml2_2-2.7.6-1.2mdv2010.0.i586.rpm 2cfe197a520d50b7a4aacbe69e34d992 2010.0/i586/libxml2-devel-2.7.6-1.2mdv2010.0.i586.rpm 11a27a4fbe756782839fc251a03d03c9 2010.0/i586/libxml2-python-2.7.6-1.2mdv2010.0.i586.rpm d63bf5a32e469c7c85ba8a0b32821375 2010.0/i586/libxml2-utils-2.7.6-1.2mdv2010.0.i586.rpm 86fe4255945ee8127d5a0377e8ac031f 2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 6428ceadebd4b6244caef22abcb52364 2010.0/x86_64/lib64xml2_2-2.7.6-1.2mdv2010.0.x86_64.rpm 7ca4a16224eb8cf414923d9364d12c2f 2010.0/x86_64/lib64xml2-devel-2.7.6-1.2mdv2010.0.x86_64.rpm 381825a5af36865bb160ceccde4836b2 2010.0/x86_64/libxml2-python-2.7.6-1.2mdv2010.0.x86_64.rpm bb58d3474eb59b21e98828bc2b430dfa 2010.0/x86_64/libxml2-utils-2.7.6-1.2mdv2010.0.x86_64.rpm 86fe4255945ee8127d5a0377e8ac031f 2010.0/SRPMS/libxml2-2.7.6-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: c250b5329744ededca54f1698b36db45 2010.1/i586/libxml2_2-2.7.7-1.2mdv2010.2.i586.rpm 646db4be689674625e8b834c4cb349bb 2010.1/i586/libxml2-devel-2.7.7-1.2mdv2010.2.i586.rpm a47f416a65258e3988865a69a36c0aa2 2010.1/i586/libxml2-python-2.7.7-1.2mdv2010.2.i586.rpm e9c0561f1d270470b2219fe2684f67a3 2010.1/i586/libxml2-utils-2.7.7-1.2mdv2010.2.i586.rpm de403379ceefc94700f79c5b7b6600de 2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: e95524d4092ef122d8e5af7dfba01738 2010.1/x86_64/lib64xml2_2-2.7.7-1.2mdv2010.2.x86_64.rpm 0616718db2f04e2a11af911cd2dad430 2010.1/x86_64/lib64xml2-devel-2.7.7-1.2mdv2010.2.x86_64.rpm 425b3c53f5b41b489c7c9a60eb999635 2010.1/x86_64/libxml2-python-2.7.7-1.2mdv2010.2.x86_64.rpm da99f4986439660369d6f7856b65adaa 2010.1/x86_64/libxml2-utils-2.7.7-1.2mdv2010.2.x86_64.rpm de403379ceefc94700f79c5b7b6600de 2010.1/SRPMS/libxml2-2.7.7-1.2mdv2010.2.src.rpm Mandriva Enterprise Server 5: ffc17c14de2a11a726f25267d5f37206 mes5/i586/libxml2_2-2.7.1-1.6mdvmes5.1.i586.rpm df1dfe80537b71b903a8b9f0978722e6 mes5/i586/libxml2-devel-2.7.1-1.6mdvmes5.1.i586.rpm fe58d1dbf99b24a773bc444749473574 mes5/i586/libxml2-python-2.7.1-1.6mdvmes5.1.i586.rpm 2d2205080bdf5d55534c91354f29f1b5 mes5/i586/libxml2-utils-2.7.1-1.6mdvmes5.1.i586.rpm 1eb0c0b6d274bd49a0209388fd25f2e1 mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 0f6ec86023a30d2ac2314b8fc79bf431 mes5/x86_64/lib64xml2_2-2.7.1-1.6mdvmes5.1.x86_64.rpm 9cfac03d539b97a255e27e2038f607a9 mes5/x86_64/lib64xml2-devel-2.7.1-1.6mdvmes5.1.x86_64.rpm b44f5a18eba059dc3ed2ece4af0e604e mes5/x86_64/libxml2-python-2.7.1-1.6mdvmes5.1.x86_64.rpm 7f3c07d27e2b8fa08674f16b0b5e64ee mes5/x86_64/libxml2-utils-2.7.1-1.6mdvmes5.1.x86_64.rpm 1eb0c0b6d274bd49a0209388fd25f2e1 mes5/SRPMS/libxml2-2.7.1-1.6mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNG1vlmqjQ0CJFipgRAk8hAJ4wwNOcgIDPvZpECml6UDoJAh7FbACgu/e5 KLbVXnunIbjMTSm3GPo/LxQ= =xSaB -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/