Package name
libxml
Date
2009-08-12
Advisory ID
MDVSA-2009:200
Affected versions
2009.0 x86_64, CS4.0 x86_64, MES5 i586, 2009.1 i586, 2009.0 i586, 2008.1 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2008.1 x86_64, 2009.1 x86_64, MES5 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in libxml:

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26,
2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent
attackers to cause a denial of service (application crash) via a
large depth of element declarations in a DTD, related to a function
recursion, as demonstrated by the Codenomicon XML fuzzing framework
(CVE-2009-2414).
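
The failure mode behind CVE-2009-2414 is recursion whose depth is chosen by the input. As an added illustration (not libxml's code and not the patch shipped in this update), the simplified parser below for DTD element content models caps nesting depth before descending; `MAX_DEPTH`, the function names and the reduced grammar are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>

#define MAX_DEPTH 128 /* assumed cap for this example, not libxml2's value */
enum { CM_OK = 0, CM_SYNTAX = -1, CM_TOO_DEEP = -2 };

/* Parse one content particle: Name | '(' cp ((',' | '|') cp)* ')', each
 * optionally followed by ?, * or +. The depth check runs before any
 * descent, so stack use is bounded by MAX_DEPTH whatever the input nests. */
static int parse_cp(const char **p, int depth)
{
    if (depth > MAX_DEPTH) return CM_TOO_DEEP;
    if (**p == '(') {
        do {
            (*p)++;                      /* skip '(' or the separator */
            int rc = parse_cp(p, depth + 1);
            if (rc != CM_OK) return rc;
        } while (**p == ',' || **p == '|');
        if (**p != ')') return CM_SYNTAX;
        (*p)++;
    } else {
        if (!isalpha((unsigned char)**p)) return CM_SYNTAX;
        while (isalnum((unsigned char)**p))
            (*p)++;
    }
    if (**p == '?' || **p == '*' || **p == '+')
        (*p)++;
    return CM_OK;
}

/* Validate a whole content model string such as "(a,(b|c)*,d?)". */
int check_content_model(const char *model)
{
    const char *p = model;
    int rc = parse_cp(&p, 1);
    return (rc == CM_OK && *p != '\0') ? CM_SYNTAX : rc;
}

/* Constructed input: n '(' then "a" then n ')' written into buf. */
int check_nested(char *buf, size_t cap, size_t n)
{
    size_t i = 0, k;
    if (2 * n + 2 > cap) return CM_SYNTAX;
    for (k = 0; k < n; k++) buf[i++] = '(';
    buf[i++] = 'a';
    for (k = 0; k < n; k++) buf[i++] = ')';
    buf[i] = '\0';
    return check_content_model(buf);
}
```

With the cap in place, a declaration nested 100000 levels deep is rejected with `CM_TOO_DEEP` after at most `MAX_DEPTH` stack frames instead of exhausting the stack.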

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16,
2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent
attackers to cause a denial of service (application crash) via crafted
(1) Notation or (2) Enumeration attribute types in an XML file, as
demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416).

This update provides a solution to these vulnerabilities.

Updated packages

2009.0 x86_64

 4b2016588f0a6ad13fc41f1a2055eea6  2009.0/x86_64/lib64xml1-1.8.17-14.1mdv2009.0.x86_64.rpm
 7d7625200234b3158011d1a1e762b0f6  2009.0/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.0.x86_64.rpm
 1363994d60c9eae163bcba6b0cfbadc1  2009.0/x86_64/lib64xml2_2-2.7.1-1.4mdv2009.0.x86_64.rpm
 79b90aeb82f98ddde58c15a49637a527  2009.0/x86_64/lib64xml2-devel-2.7.1-1.4mdv2009.0.x86_64.rpm
 6fc40c41bbeb817906dbbd56aa64b022  2009.0/x86_64/libxml2-python-2.7.1-1.4mdv2009.0.x86_64.rpm
 dfba70e56b5ece2fa5a0104aa45ac3b9  2009.0/x86_64/libxml2-utils-2.7.1-1.4mdv2009.0.x86_64.rpm 
 0bbeefea1851b41c678106bfa2a6bdd3  2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm
 df446d9556752356d368c823e7363cf0  2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm

CS4.0 x86_64

 8c6409125fea5e84672f989ef5281c65  corporate/4.0/x86_64/lib64xml1-1.8.17-8.1.20060mlcs4.x86_64.rpm
 b2cf7f0230514512c0ac42e808064bf8  corporate/4.0/x86_64/lib64xml1-devel-1.8.17-8.1.20060mlcs4.x86_64.rpm
 e36877b3cfbe3b8b1f955c0114cadc65  corporate/4.0/x86_64/lib64xml2-2.6.21-3.6.20060mlcs4.x86_64.rpm
 3ff20f0a038aa002aa1b20b50fb2cc45  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.6.20060mlcs4.x86_64.rpm
 bc6e87ea0b3e12cb13fb349b81e2558c  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.6.20060mlcs4.x86_64.rpm
 1796de87a058f06fa650a6e3d67f0faf  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.6.20060mlcs4.x86_64.rpm 
 3d76cf04c5867a8c6627d8df60ff0a3f  corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm
 4d89f2fba99486313347f090290120ad  corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm

MES5 i586

 f269a0a57f5347fd9293f0b194f61dbc  mes5/i586/libxml1-1.8.17-14.1mdvmes5.i586.rpm
 8631d0318ad49d6b7245f9f9e77145e9  mes5/i586/libxml1-devel-1.8.17-14.1mdvmes5.i586.rpm
 d0be142d69350afacf40232d812298dd  mes5/i586/libxml2_2-2.7.1-1.4mdvmes5.i586.rpm
 a36d6df6a51cba73a66a3a4b3587b598  mes5/i586/libxml2-devel-2.7.1-1.4mdvmes5.i586.rpm
 96b792dec7704086e169a7ecf1896bcd  mes5/i586/libxml2-python-2.7.1-1.4mdvmes5.i586.rpm
 29084105c1871c37ffa7d161215e046d  mes5/i586/libxml2-utils-2.7.1-1.4mdvmes5.i586.rpm 
 51a4bd39e933d1730c0526b7137a09a1  mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm
 2db7556af99cb87fe9a79b9c39d79078  mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm

2009.1 i586

 786f12149d425965e793b72a0ea290a1  2009.1/i586/libxml1-1.8.17-14.1mdv2009.1.i586.rpm
 5773e74ebcb040245db8f30f4612e4f6  2009.1/i586/libxml1-devel-1.8.17-14.1mdv2009.1.i586.rpm
 8c8dde768de51eeec2a6a99da8ba7946  2009.1/i586/libxml2_2-2.7.3-2.1mdv2009.1.i586.rpm
 a95e30fef1398f0ed167dbac5eaf1a5e  2009.1/i586/libxml2-devel-2.7.3-2.1mdv2009.1.i586.rpm
 924f37d6815c5f8e32e6e2c46c8c0aff  2009.1/i586/libxml2-python-2.7.3-2.1mdv2009.1.i586.rpm
 210210942796703d0ef005c85638dbae  2009.1/i586/libxml2-utils-2.7.3-2.1mdv2009.1.i586.rpm 
 bd1a66810023d2522563232c22ad1647  2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm
 90caf02b9ee30ed7459e295fffb428be  2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm

2009.0 i586

 15cf90933e50a77a9ff0d6df4d6afd22  2009.0/i586/libxml1-1.8.17-14.1mdv2009.0.i586.rpm
 b0f916f0450d5f6b87592258501fd51f  2009.0/i586/libxml1-devel-1.8.17-14.1mdv2009.0.i586.rpm
 7ca430bbb84e7b81c00a324b238e68c2  2009.0/i586/libxml2_2-2.7.1-1.4mdv2009.0.i586.rpm
 77bcc5c9d205655e0612394e5d046481  2009.0/i586/libxml2-devel-2.7.1-1.4mdv2009.0.i586.rpm
 2fba8076ef0f6625eab5eedea5991d23  2009.0/i586/libxml2-python-2.7.1-1.4mdv2009.0.i586.rpm
 a2e954480d6b7871bd01e897f896a789  2009.0/i586/libxml2-utils-2.7.1-1.4mdv2009.0.i586.rpm 
 0bbeefea1851b41c678106bfa2a6bdd3  2009.0/SRPMS/libxml-1.8.17-14.1mdv2009.0.src.rpm
 df446d9556752356d368c823e7363cf0  2009.0/SRPMS/libxml2-2.7.1-1.4mdv2009.0.src.rpm

2008.1 i586

 ec71ff138073a7cf353bcce7625fa34d  2008.1/i586/libxml1-1.8.17-12.1mdv2008.1.i586.rpm
 e874ff3d0080218acabe7643feda81c1  2008.1/i586/libxml1-devel-1.8.17-12.1mdv2008.1.i586.rpm
 5c1a0ccdee2b9aeeb1f5e5fa7de6057f  2008.1/i586/libxml2_2-2.6.31-1.5mdv2008.1.i586.rpm
 32ea7ae22fa685a4cb0c587bfd4b3b36  2008.1/i586/libxml2-devel-2.6.31-1.5mdv2008.1.i586.rpm
 10760afdcf20e4dde32e6c8a4e5a867c  2008.1/i586/libxml2-python-2.6.31-1.5mdv2008.1.i586.rpm
 3d1a814b0a0bc21c979b7f00700e8a18  2008.1/i586/libxml2-utils-2.6.31-1.5mdv2008.1.i586.rpm 
 3d147ed8f8dc4339052b01d8946308cb  2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm
 5a6196a9d7fca0125dd92476760a53c9  2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm

CS3.0 x86_64

 c5f6cb81379099eb5d8254f42a5db4ef  corporate/3.0/x86_64/lib64xml1-1.8.17-6.2.C30mdk.x86_64.rpm
 ae08e3b1320fd49d1d41f36ab13fb440  corporate/3.0/x86_64/lib64xml1-devel-1.8.17-6.2.C30mdk.x86_64.rpm
 0845a459d22e45d7902465fd5df5a361  corporate/3.0/x86_64/lib64xml2-2.6.6-1.7.C30mdk.x86_64.rpm
 ca24eb598c9a3bedf53b8f74196f7bdf  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.7.C30mdk.x86_64.rpm
 8ca0989b8943c1a05e3a4a11392b0543  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.7.C30mdk.x86_64.rpm
 e5878e8e2e27db391ccb8a69e9321d84  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.7.C30mdk.x86_64.rpm 
 d5e6e7048b60eb9cca4c171158409e7b  corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm
 a13bb44f2221d5de604c9500132b2e64  corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm

CS4.0 i586

 412c4b51b880011a26ab4ed7c7ba45e5  corporate/4.0/i586/libxml1-1.8.17-8.1.20060mlcs4.i586.rpm
 717ab09ebd147def3c413dfe116aad33  corporate/4.0/i586/libxml1-devel-1.8.17-8.1.20060mlcs4.i586.rpm
 dfe231232039ab50f666264fb66c439e  corporate/4.0/i586/libxml2-2.6.21-3.6.20060mlcs4.i586.rpm
 880e1bbcac9dd948c2dd90f220f85429  corporate/4.0/i586/libxml2-devel-2.6.21-3.6.20060mlcs4.i586.rpm
 06b7ec5829b29c0cd072744e411b1740  corporate/4.0/i586/libxml2-python-2.6.21-3.6.20060mlcs4.i586.rpm
 952e3eca8ee6b3fc86a79b92d4cfae0e  corporate/4.0/i586/libxml2-utils-2.6.21-3.6.20060mlcs4.i586.rpm 
 3d76cf04c5867a8c6627d8df60ff0a3f  corporate/4.0/SRPMS/libxml-1.8.17-8.1.20060mlcs4.src.rpm
 4d89f2fba99486313347f090290120ad  corporate/4.0/SRPMS/libxml2-2.6.21-3.6.20060mlcs4.src.rpm

CS3.0 i586

 55bea4ed1ccf8998329695d214eed3f4  corporate/3.0/i586/libxml1-1.8.17-6.2.C30mdk.i586.rpm
 6cdf4ccf8bbf8489aa6b6c083de9866f  corporate/3.0/i586/libxml1-devel-1.8.17-6.2.C30mdk.i586.rpm
 90226f7c8ca6fc5753d4f5c5a45bc9f9  corporate/3.0/i586/libxml2-2.6.6-1.7.C30mdk.i586.rpm
 baf476404ec5b46b4b9a516f252c62e2  corporate/3.0/i586/libxml2-devel-2.6.6-1.7.C30mdk.i586.rpm
 1fdb4e516be71162eb67c74503eb8d64  corporate/3.0/i586/libxml2-python-2.6.6-1.7.C30mdk.i586.rpm
 1b881370a164f8014609bcc9855713c5  corporate/3.0/i586/libxml2-utils-2.6.6-1.7.C30mdk.i586.rpm 
 d5e6e7048b60eb9cca4c171158409e7b  corporate/3.0/SRPMS/libxml-1.8.17-6.2.C30mdk.src.rpm
 a13bb44f2221d5de604c9500132b2e64  corporate/3.0/SRPMS/libxml2-2.6.6-1.7.C30mdk.src.rpm

2008.1 x86_64

 de2508e271af10e169bd60c0ae274648  2008.1/x86_64/lib64xml1-1.8.17-12.1mdv2008.1.x86_64.rpm
 f2abb57de6c2e31cc04c874f767557bf  2008.1/x86_64/lib64xml1-devel-1.8.17-12.1mdv2008.1.x86_64.rpm
 aa7298bebadbf3741dd326ffecd0a6bd  2008.1/x86_64/lib64xml2_2-2.6.31-1.5mdv2008.1.x86_64.rpm
 794046be2a350c7cc21619744d564ea4  2008.1/x86_64/lib64xml2-devel-2.6.31-1.5mdv2008.1.x86_64.rpm
 06e24a5e289dfdb2f9be2ff3a5e9aeb0  2008.1/x86_64/libxml2-python-2.6.31-1.5mdv2008.1.x86_64.rpm
 51e387ead59ad68fa412084db153b797  2008.1/x86_64/libxml2-utils-2.6.31-1.5mdv2008.1.x86_64.rpm 
 3d147ed8f8dc4339052b01d8946308cb  2008.1/SRPMS/libxml-1.8.17-12.1mdv2008.1.src.rpm
 5a6196a9d7fca0125dd92476760a53c9  2008.1/SRPMS/libxml2-2.6.31-1.5mdv2008.1.src.rpm

2009.1 x86_64

 0d6c814f92faba670d21a8a725b6b155  2009.1/x86_64/lib64xml1-1.8.17-14.1mdv2009.1.x86_64.rpm
 5391b1885f9e6465c7b9883c1d47865a  2009.1/x86_64/lib64xml1-devel-1.8.17-14.1mdv2009.1.x86_64.rpm
 4ea44f9c3b952a778ca9e7115bad4e20  2009.1/x86_64/lib64xml2_2-2.7.3-2.1mdv2009.1.x86_64.rpm
 3461436d0f68ff3d380516e855f59023  2009.1/x86_64/lib64xml2-devel-2.7.3-2.1mdv2009.1.x86_64.rpm
 293f1ce76f6f0b61d5db6b71091c845d  2009.1/x86_64/libxml2-python-2.7.3-2.1mdv2009.1.x86_64.rpm
 c31155abb3cd4f0c2bbfa434f15c1f89  2009.1/x86_64/libxml2-utils-2.7.3-2.1mdv2009.1.x86_64.rpm 
 bd1a66810023d2522563232c22ad1647  2009.1/SRPMS/libxml-1.8.17-14.1mdv2009.1.src.rpm
 90caf02b9ee30ed7459e295fffb428be  2009.1/SRPMS/libxml2-2.7.3-2.1mdv2009.1.src.rpm

MES5 x86_64

 15c32f4df8da09c7934e4e48c0acac81  mes5/x86_64/lib64xml1-1.8.17-14.1mdvmes5.x86_64.rpm
 f9e8709a1c2583f0fb05bc67cf46984b  mes5/x86_64/lib64xml1-devel-1.8.17-14.1mdvmes5.x86_64.rpm
 a76619fd6f4265fcee97c5edd6d297f1  mes5/x86_64/lib64xml2_2-2.7.1-1.4mdvmes5.x86_64.rpm
 a423f559e1d3cf1b47e423cda3f1ce11  mes5/x86_64/lib64xml2-devel-2.7.1-1.4mdvmes5.x86_64.rpm
 531581c91ad257314b1e79f267c9ed4d  mes5/x86_64/libxml2-python-2.7.1-1.4mdvmes5.x86_64.rpm
 1ec223693612986097c0680e636d3b97  mes5/x86_64/libxml2-utils-2.7.1-1.4mdvmes5.x86_64.rpm 
 51a4bd39e933d1730c0526b7137a09a1  mes5/SRPMS/libxml-1.8.17-14.1mdvmes5.src.rpm
 2db7556af99cb87fe9a79b9c39d79078  mes5/SRPMS/libxml2-2.7.1-1.4mdvmes5.src.rpm

References