MDVSA-2009:200-1

Package name

libxml

Date

2009-12-04

Advisory ID

MDVSA-2009:200-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in libxml:

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).

This update provides a solution to these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 4c418296249dc8cc94b1b15e49b2d429  2008.0/i586/libxml1-1.8.17-11.1mdv2008.0.i586.rpm
 7f55b33d9357641ccfbe9421c2818dc8  2008.0/i586/libxml1-devel-1.8.17-11.1mdv2008.0.i586.rpm
 415af7a47df0783359018e7c8818123b  2008.0/i586/libxml2_2-2.6.30-1.6mdv2008.0.i586.rpm
 44c479adb1d416beb45380e10398e350  2008.0/i586/libxml2-devel-2.6.30-1.6mdv2008.0.i586.rpm
 affb65b84643897980a4db16bac8262d  2008.0/i586/libxml2-python-2.6.30-1.6mdv2008.0.i586.rpm
 517f2690932d66302975469282a7f624  2008.0/i586/libxml2-utils-2.6.30-1.6mdv2008.0.i586.rpm 
 1df8e776ad34bdfe5b68437e45718ff8  2008.0/SRPMS/libxml-1.8.17-11.1mdv2008.0.src.rpm
 f9eee25ac518012b01c9f54fbab3b3d8  2008.0/SRPMS/libxml2-2.6.30-1.6mdv2008.0.src.rpm

2008.0 x86_64

 5dcd354e680675ffd08c9f0d562e5686  2008.0/x86_64/lib64xml1-1.8.17-11.1mdv2008.0.x86_64.rpm
 9ef4286da3bf35a2b07d1a86d63b577b  2008.0/x86_64/lib64xml1-devel-1.8.17-11.1mdv2008.0.x86_64.rpm
 09b50a18697fc91e9c801c3a8ffe83b4  2008.0/x86_64/lib64xml2_2-2.6.30-1.6mdv2008.0.x86_64.rpm
 4453c937d9dfabdc9526f253fe0a14aa  2008.0/x86_64/lib64xml2-devel-2.6.30-1.6mdv2008.0.x86_64.rpm
 2ab42a3413a471384a6e280d7afc3c90  2008.0/x86_64/libxml2-python-2.6.30-1.6mdv2008.0.x86_64.rpm
 3e3127451a7348e2ef8e4990122c3518  2008.0/x86_64/libxml2-utils-2.6.30-1.6mdv2008.0.x86_64.rpm 
 1df8e776ad34bdfe5b68437e45718ff8  2008.0/SRPMS/libxml-1.8.17-11.1mdv2008.0.src.rpm
 f9eee25ac518012b01c9f54fbab3b3d8  2008.0/SRPMS/libxml2-2.6.30-1.6mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414