-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:200
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libxml
Date    : August 12, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
          Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in libxml:

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).

This update provides a solution to these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
_______________________________________________________________________

Updated Packages:

To upgrade automatically use MandrivaUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKgqawmqjQ0CJFipgRAm1xAJ9Wo3Q3XMebdp9VpjzOyNUvcdrawQCgzqtC
ccwi7/SlR5v5jRK/Vs3QEFo=
=SpMF
-----END PGP SIGNATURE-----
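
Added example (not part of the Mandriva advisory and not the libxml patch): CVE-2009-2414 above is stack exhaustion from recursion over deeply nested element declarations in a DTD, and a common defence for recursive parsers is to cap the recursion depth and return an error instead. The C code below checks a simplified, whitespace-free content model; the function names, the grammar subset and the limit of 128 are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MODEL_DEPTH 128   /* constructed limit, chosen for this example */
enum { MODEL_OK = 0, MODEL_SYNTAX = -1, MODEL_TOO_DEEP = -2 };

/* cp := NAME | '(' cp ((',' | '|') cp)* ')', then an optional ?, * or + */
static int parse_cp(const char **p, int depth)
{
    if (depth > MAX_MODEL_DEPTH) return MODEL_TOO_DEEP; /* refuse before recursing */
    if (**p == '(') {
        do {
            (*p)++;                          /* skip '(' or a separator */
            int rc = parse_cp(p, depth + 1);
            if (rc != MODEL_OK) return rc;   /* propagate the error upward */
        } while (**p == ',' || **p == '|');
        if (**p != ')') return MODEL_SYNTAX;
        (*p)++;
    } else {
        const char *start = *p;
        while (isalpha((unsigned char)**p)) (*p)++;
        if (*p == start) return MODEL_SYNTAX;  /* expected an element name */
    }
    if (**p == '?' || **p == '*' || **p == '+') (*p)++;
    return MODEL_OK;
}

/* Check a whitespace-free content model such as "(a,(b|c)*,d?)". */
int check_content_model(const char *model)
{
    const char *p = model;
    int rc = parse_cp(&p, 0);
    return (rc == MODEL_OK && *p != '\0') ? MODEL_SYNTAX : rc;
}

/* Constructed input for the demo: one name wrapped in n nested groups. */
int check_nested(size_t n)
{
    char *buf = calloc(2 * n + 2, 1);        /* zero-filled, so NUL-terminated */
    if (!buf) return MODEL_SYNTAX;
    memset(buf, '(', n);
    buf[n] = 'a';
    memset(buf + n + 1, ')', n);
    int rc = check_content_model(buf);
    free(buf);
    return rc;
}
```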