MDVSA-2009:200
- Package name
- libxml
- Date
- 2009-08-12
- Advisory ID
- MDVSA-2009:200
- Affected versions
- 2009.0 x86_64 , CS4.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64 , MES5 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in libxml:
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).
This update provides a solution to these vulnerabilities.
Updated packages
2009.0 x86_64
4b2016588f0a6ad13fc41f1a2055eea6 2009.0/x86_64/lib64xml1-1.8.17-14.1mdv2009.0.x86_64.rpm 7d7625200234b3158011d1a1e762b0f6 2009.0/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.0.x86_64.rpm 1363994d60c9eae163bcba6b0cfbadc1 2009.0/x86_64/lib64xml2_2-2.7.1-1.4mdv2009.0.x86_64.rpm 79b90aeb82f98ddde58c15a49637a527 2009.0/x86_64/lib64xml2-devel-2.7.1-1.4mdv2009.0.x86_64.rpm 6fc40c41bbeb817906dbbd56aa64b022 2009.0/x86_64/libxml2-python-2.7.1-1.4mdv2009.0.x86_64.rpm dfba70e56b5ece2fa5a0104aa45ac3b9 2009.0/x86_64/libxml2-utils-2.7.1-1.4mdv2009.0.x86_64.rpm 0bbeefea1851b41c678106bfa2a6bdd3 2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm df446d9556752356d368c823e7363cf0 2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm
CS4.0 x86_64
8c6409125fea5e84672f989ef5281c65 corporate/4.0/x86_64/lib64xml1-1.8.17-8.1.20060mlcs4.x86_64.rpm b2cf7f0230514512c0ac42e808064bf8 corporate/4.0/x86_64/lib64xml1-devel-1.8.17-8.1.20060mlcs4.x86_64.rpm e36877b3cfbe3b8b1f955c0114cadc65 corporate/4.0/x86_64/lib64xml2-2.6.21-3.6.20060mlcs4.x86_64.rpm 3ff20f0a038aa002aa1b20b50fb2cc45 corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.6.20060mlcs4.x86_64.rpm bc6e87ea0b3e12cb13fb349b81e2558c corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.6.20060mlcs4.x86_64.rpm 1796de87a058f06fa650a6e3d67f0faf corporate/4.0/x86_64/libxml2-utils-2.6.21-3.6.20060mlcs4.x86_64.rpm 3d76cf04c5867a8c6627d8df60ff0a3f corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm 4d89f2fba99486313347f090290120ad corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm
MES5 i586
f269a0a57f5347fd9293f0b194f61dbc mes5/i586/libxml1-1.8.17-14.1mdvmes5.i586.rpm 8631d0318ad49d6b7245f9f9e77145e9 mes5/i586/libxml1-devel-1.8.17-14.1mdvmes5.i586.rpm d0be142d69350afacf40232d812298dd mes5/i586/libxml2_2-2.7.1-1.4mdvmes5.i586.rpm a36d6df6a51cba73a66a3a4b3587b598 mes5/i586/libxml2-devel-2.7.1-1.4mdvmes5.i586.rpm 96b792dec7704086e169a7ecf1896bcd mes5/i586/libxml2-python-2.7.1-1.4mdvmes5.i586.rpm 29084105c1871c37ffa7d161215e046d mes5/i586/libxml2-utils-2.7.1-1.4mdvmes5.i586.rpm 51a4bd39e933d1730c0526b7137a09a1 mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm 2db7556af99cb87fe9a79b9c39d79078 mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm
2009.1 i586
786f12149d425965e793b72a0ea290a1 2009.1/i586/libxml1-1.8.17-14.1mdv2009.1.i586.rpm 5773e74ebcb040245db8f30f4612e4f6 2009.1/i586/libxml1-devel-1.8.17-14.1mdv2009.1.i586.rpm 8c8dde768de51eeec2a6a99da8ba7946 2009.1/i586/libxml2_2-2.7.3-2.1mdv2009.1.i586.rpm a95e30fef1398f0ed167dbac5eaf1a5e 2009.1/i586/libxml2-devel-2.7.3-2.1mdv2009.1.i586.rpm 924f37d6815c5f8e32e6e2c46c8c0aff 2009.1/i586/libxml2-python-2.7.3-2.1mdv2009.1.i586.rpm 210210942796703d0ef005c85638dbae 2009.1/i586/libxml2-utils-2.7.3-2.1mdv2009.1.i586.rpm bd1a66810023d2522563232c22ad1647 2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm 90caf02b9ee30ed7459e295fffb428be 2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm
2009.0 i586
15cf90933e50a77a9ff0d6df4d6afd22 2009.0/i586/libxml1-1.8.17-14.1mdv2009.0.i586.rpm b0f916f0450d5f6b87592258501fd51f 2009.0/i586/libxml1-devel-1.8.17-14.1mdv2009.0.i586.rpm 7ca430bbb84e7b81c00a324b238e68c2 2009.0/i586/libxml2_2-2.7.1-1.4mdv2009.0.i586.rpm 77bcc5c9d205655e0612394e5d046481 2009.0/i586/libxml2-devel-2.7.1-1.4mdv2009.0.i586.rpm 2fba8076ef0f6625eab5eedea5991d23 2009.0/i586/libxml2-python-2.7.1-1.4mdv2009.0.i586.rpm a2e954480d6b7871bd01e897f896a789 2009.0/i586/libxml2-utils-2.7.1-1.4mdv2009.0.i586.rpm 0bbeefea1851b41c678106bfa2a6bdd3 2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm df446d9556752356d368c823e7363cf0 2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm
2008.1 i586
ec71ff138073a7cf353bcce7625fa34d 2008.1/i586/libxml1-1.8.17-12.1mdv2008.1.i586.rpm e874ff3d0080218acabe7643feda81c1 2008.1/i586/libxml1-devel-1.8.17-12.1mdv2008.1.i586.rpm 5c1a0ccdee2b9aeeb1f5e5fa7de6057f 2008.1/i586/libxml2_2-2.6.31-1.5mdv2008.1.i586.rpm 32ea7ae22fa685a4cb0c587bfd4b3b36 2008.1/i586/libxml2-devel-2.6.31-1.5mdv2008.1.i586.rpm 10760afdcf20e4dde32e6c8a4e5a867c 2008.1/i586/libxml2-python-2.6.31-1.5mdv2008.1.i586.rpm 3d1a814b0a0bc21c979b7f00700e8a18 2008.1/i586/libxml2-utils-2.6.31-1.5mdv2008.1.i586.rpm 3d147ed8f8dc4339052b01d8946308cb 2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm 5a6196a9d7fca0125dd92476760a53c9 2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm
CS3.0 x86_64
c5f6cb81379099eb5d8254f42a5db4ef corporate/3.0/x86_64/lib64xml1-1.8.17-6.2.C30mdk.x86_64.rpm ae08e3b1320fd49d1d41f36ab13fb440 corporate/3.0/x86_64/lib64xml1-devel-1.8.17-6.2.C30mdk.x86_64.rpm 0845a459d22e45d7902465fd5df5a361 corporate/3.0/x86_64/lib64xml2-2.6.6-1.7.C30mdk.x86_64.rpm ca24eb598c9a3bedf53b8f74196f7bdf corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.7.C30mdk.x86_64.rpm 8ca0989b8943c1a05e3a4a11392b0543 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.7.C30mdk.x86_64.rpm e5878e8e2e27db391ccb8a69e9321d84 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.7.C30mdk.x86_64.rpm d5e6e7048b60eb9cca4c171158409e7b corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm a13bb44f2221d5de604c9500132b2e64 corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm
CS4.0 i586
412c4b51b880011a26ab4ed7c7ba45e5 corporate/4.0/i586/libxml1-1.8.17-8.1.20060mlcs4.i586.rpm 717ab09ebd147def3c413dfe116aad33 corporate/4.0/i586/libxml1-devel-1.8.17-8.1.20060mlcs4.i586.rpm dfe231232039ab50f666264fb66c439e corporate/4.0/i586/libxml2-2.6.21-3.6.20060mlcs4.i586.rpm 880e1bbcac9dd948c2dd90f220f85429 corporate/4.0/i586/libxml2-devel-2.6.21-3.6.20060mlcs4.i586.rpm 06b7ec5829b29c0cd072744e411b1740 corporate/4.0/i586/libxml2-python-2.6.21-3.6.20060mlcs4.i586.rpm 952e3eca8ee6b3fc86a79b92d4cfae0e corporate/4.0/i586/libxml2-utils-2.6.21-3.6.20060mlcs4.i586.rpm 3d76cf04c5867a8c6627d8df60ff0a3f corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm 4d89f2fba99486313347f090290120ad corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm
CS3.0 i586
55bea4ed1ccf8998329695d214eed3f4 corporate/3.0/i586/libxml1-1.8.17-6.2.C30mdk.i586.rpm 6cdf4ccf8bbf8489aa6b6c083de9866f corporate/3.0/i586/libxml1-devel-1.8.17-6.2.C30mdk.i586.rpm 90226f7c8ca6fc5753d4f5c5a45bc9f9 corporate/3.0/i586/libxml2-2.6.6-1.7.C30mdk.i586.rpm baf476404ec5b46b4b9a516f252c62e2 corporate/3.0/i586/libxml2-devel-2.6.6-1.7.C30mdk.i586.rpm 1fdb4e516be71162eb67c74503eb8d64 corporate/3.0/i586/libxml2-python-2.6.6-1.7.C30mdk.i586.rpm 1b881370a164f8014609bcc9855713c5 corporate/3.0/i586/libxml2-utils-2.6.6-1.7.C30mdk.i586.rpm d5e6e7048b60eb9cca4c171158409e7b corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm a13bb44f2221d5de604c9500132b2e64 corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm
2008.1 x86_64
de2508e271af10e169bd60c0ae274648 2008.1/x86_64/lib64xml1-1.8.17-12.1mdv2008.1.x86_64.rpm f2abb57de6c2e31cc04c874f767557bf 2008.1/x86_64/lib64xml1-devel-1.8.17-12.1mdv2008.1.x86_64.rpm aa7298bebadbf3741dd326ffecd0a6bd 2008.1/x86_64/lib64xml2_2-2.6.31-1.5mdv2008.1.x86_64.rpm 794046be2a350c7cc21619744d564ea4 2008.1/x86_64/lib64xml2-devel-2.6.31-1.5mdv2008.1.x86_64.rpm 06e24a5e289dfdb2f9be2ff3a5e9aeb0 2008.1/x86_64/libxml2-python-2.6.31-1.5mdv2008.1.x86_64.rpm 51e387ead59ad68fa412084db153b797 2008.1/x86_64/libxml2-utils-2.6.31-1.5mdv2008.1.x86_64.rpm 3d147ed8f8dc4339052b01d8946308cb 2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm 5a6196a9d7fca0125dd92476760a53c9 2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm
2009.1 x86_64
0d6c814f92faba670d21a8a725b6b155 2009.1/x86_64/lib64xml1-1.8.17-14.1mdv2009.1.x86_64.rpm 5391b1885f9e6465c7b9883c1d47865a 2009.1/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.1.x86_64.rpm 4ea44f9c3b952a778ca9e7115bad4e20 2009.1/x86_64/lib64xml2_2-2.7.3-2.1mdv2009.1.x86_64.rpm 3461436d0f68ff3d380516e855f59023 2009.1/x86_64/lib64xml2-devel-2.7.3-2.1mdv2009.1.x86_64.rpm 293f1ce76f6f0b61d5db6b71091c845d 2009.1/x86_64/libxml2-python-2.7.3-2.1mdv2009.1.x86_64.rpm c31155abb3cd4f0c2bbfa434f15c1f89 2009.1/x86_64/libxml2-utils-2.7.3-2.1mdv2009.1.x86_64.rpm bd1a66810023d2522563232c22ad1647 2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm 90caf02b9ee30ed7459e295fffb428be 2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm
MES5 x86_64
15c32f4df8da09c7934e4e48c0acac81 mes5/x86_64/lib64xml1-1.8.17-14.1mdvmes5.x86_64.rpm f9e8709a1c2583f0fb05bc67cf46984b mes5/x86_64/lib64xml1-devel-1.8.17-14.1mdvmes5.x86_64.rpm a76619fd6f4265fcee97c5edd6d297f1 mes5/x86_64/lib64xml2_2-2.7.1-1.4mdvmes5.x86_64.rpm a423f559e1d3cf1b47e423cda3f1ce11 mes5/x86_64/lib64xml2-devel-2.7.1-1.4mdvmes5.x86_64.rpm 531581c91ad257314b1e79f267c9ed4d mes5/x86_64/libxml2-python-2.7.1-1.4mdvmes5.x86_64.rpm 1ec223693612986097c0680e636d3b97 mes5/x86_64/libxml2-utils-2.7.1-1.4mdvmes5.x86_64.rpm 51a4bd39e933d1730c0526b7137a09a1 mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm 2db7556af99cb87fe9a79b9c39d79078 mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm