Package name
libxml
Date
2011-09-05
Advisory ID
MDVSA-2011:131
Affected versions
2009.0 x86_64 , MES5 i586 , 2010.1 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in
libxml/libxml2:

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x
through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted XML file that triggers a heap-based
buffer overflow when adding a new namespace node, related to handling
of XPath expressions (CVE-2011-1944).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 a671a890dcfe6acb098b0ef93b3a7277  2009.0/x86_64/lib64xml1-1.8.17-14.2mdv2009.0.x86_64.rpm
 8bcf9273a93a4d2d8092b128a3ba9b6b  2009.0/x86_64/lib64xml1-devel-1.8.17-14.2mdv2009.0.x86_64.rpm
 ca24cc56951cdaad1e91e49aab41b1e0  2009.0/x86_64/lib64xml2_2-2.7.1-1.7mdv2009.0.x86_64.rpm
 cef2fec84782932f31a33e5ea03296d5  2009.0/x86_64/lib64xml2-devel-2.7.1-1.7mdv2009.0.x86_64.rpm
 9d9982274c97538eaea39f84a2e59348  2009.0/x86_64/libxml2-python-2.7.1-1.7mdv2009.0.x86_64.rpm
 52af9613cb44df27be47c9ed836f1a62  2009.0/x86_64/libxml2-utils-2.7.1-1.7mdv2009.0.x86_64.rpm 
 0832d7b58dff4e3bebe76f32e0c7ce99  2009.0/SRPMS/libxml-1.8.17-14.2mdv2009.0.src.rpm
 06353372b3a8416494b67dd4ee0f1124  2009.0/SRPMS/libxml2-2.7.1-1.7mdv2009.0.src.rpm

MES5 i586

 c03b908359fb7ef82e44dc59edc13b47  mes5/i586/libxml1-1.8.17-14.2mdvmes5.2.i586.rpm
 30267679811b29923781a45ae90190e7  mes5/i586/libxml1-devel-1.8.17-14.2mdvmes5.2.i586.rpm
 4241bca8cc29970da37cdffb2a8d6103  mes5/i586/libxml2_2-2.7.1-1.7mdvmes5.2.i586.rpm
 b32c170ab352b018752bd0c43b35bb94  mes5/i586/libxml2-devel-2.7.1-1.7mdvmes5.2.i586.rpm
 1e0d8a63466d2268dc282cf87124d47e  mes5/i586/libxml2-python-2.7.1-1.7mdvmes5.2.i586.rpm
 933577bbf7b4053a0fb464900fe33c9b  mes5/i586/libxml2-utils-2.7.1-1.7mdvmes5.2.i586.rpm 
 ec3cfda9b1d0a101c764f91144b705b2  mes5/SRPMS/libxml-1.8.17-14.2mdvmes5.2.src.rpm
 f202196d22e25ee400bc9cc8dc4fbc7e  mes5/SRPMS/libxml2-2.7.1-1.7mdvmes5.2.src.rpm

2010.1 i586

 fe18b539e7c96fd88579e468b61a998d  2010.1/i586/libxml1-1.8.17-16.1mdv2010.2.i586.rpm
 613776b0f23dc278ac80a5f55a4895c4  2010.1/i586/libxml1-devel-1.8.17-16.1mdv2010.2.i586.rpm
 48a053d4bd69449ad6b946e8c944b6db  2010.1/i586/libxml2_2-2.7.7-1.3mdv2010.2.i586.rpm
 2642e7a2bd1f5173581808b8639ce843  2010.1/i586/libxml2-devel-2.7.7-1.3mdv2010.2.i586.rpm
 8c438c598bee68ff0014e1d7bb0e2025  2010.1/i586/libxml2-python-2.7.7-1.3mdv2010.2.i586.rpm
 4b886076f75ff7e935fff0c0857fad50  2010.1/i586/libxml2-utils-2.7.7-1.3mdv2010.2.i586.rpm 
 1cd36384a94985bf4d162dc3c9600f07  2010.1/SRPMS/libxml-1.8.17-16.1mdv2010.2.src.rpm
 2667d2e2762160cc57742fec24ecb9fe  2010.1/SRPMS/libxml2-2.7.7-1.3mdv2010.2.src.rpm

2009.0 i586

 91a56eed57c4c5334b06dfa08cbc71c3  2009.0/i586/libxml1-1.8.17-14.2mdv2009.0.i586.rpm
 4b302ddcc4ec729431381b55b2a7f0f5  2009.0/i586/libxml1-devel-1.8.17-14.2mdv2009.0.i586.rpm
 07da42454f8b366c4eaad9c3454c0169  2009.0/i586/libxml2_2-2.7.1-1.7mdv2009.0.i586.rpm
 2f1a7997a3b3d990beb1920958c5e653  2009.0/i586/libxml2-devel-2.7.1-1.7mdv2009.0.i586.rpm
 088b45969e6ed600061f1443d66b8e03  2009.0/i586/libxml2-python-2.7.1-1.7mdv2009.0.i586.rpm
 4388c61a1fd0e29253788b5b0ed50b9f  2009.0/i586/libxml2-utils-2.7.1-1.7mdv2009.0.i586.rpm 
 0832d7b58dff4e3bebe76f32e0c7ce99  2009.0/SRPMS/libxml-1.8.17-14.2mdv2009.0.src.rpm
 06353372b3a8416494b67dd4ee0f1124  2009.0/SRPMS/libxml2-2.7.1-1.7mdv2009.0.src.rpm

CS4.0 i586

 402c97c08d9bf2ba42d0504a8ff33005  corporate/4.0/i586/libxml1-1.8.17-8.2.20060mlcs4.i586.rpm
 985da139b830931af9722d0c5d312294  corporate/4.0/i586/libxml1-devel-1.8.17-8.2.20060mlcs4.i586.rpm
 43cec07af16e82483b6427b1b3b4332d  corporate/4.0/i586/libxml2-2.6.21-3.8.20060mlcs4.i586.rpm
 d57401514fed3d02a97c6e1f8de9c2ed  corporate/4.0/i586/libxml2-devel-2.6.21-3.8.20060mlcs4.i586.rpm
 62dc3d0c18468831cabb88f0df1ea876  corporate/4.0/i586/libxml2-python-2.6.21-3.8.20060mlcs4.i586.rpm
 9d13363c56340d67f12968961c89af02  corporate/4.0/i586/libxml2-utils-2.6.21-3.8.20060mlcs4.i586.rpm 
 22ce70e90f2719288405f1d4282c55ea  corporate/4.0/SRPMS/libxml-1.8.17-8.2.20060mlcs4.src.rpm
 26425f4e3d07a58f1b4827a783b6077b  corporate/4.0/SRPMS/libxml2-2.6.21-3.8.20060mlcs4.src.rpm

CS4.0 x86_64

 92ef0e8a9d2448cd24a85f4d7a35190b  corporate/4.0/x86_64/lib64xml1-1.8.17-8.2.20060mlcs4.x86_64.rpm
 bd6f5650ff6cde96c05c3f4c5a09440b  corporate/4.0/x86_64/lib64xml1-devel-1.8.17-8.2.20060mlcs4.x86_64.rpm
 6c05200933b04e0f0f71b7600de61189  corporate/4.0/x86_64/lib64xml2-2.6.21-3.8.20060mlcs4.x86_64.rpm
 6756b137efaebf0b1419520fc9902054  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.8.20060mlcs4.x86_64.rpm
 cea73dd9d481f07246a0664b142dd45d  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.8.20060mlcs4.x86_64.rpm
 e2637f851df5fd149c5401417cb73896  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.8.20060mlcs4.x86_64.rpm 
 22ce70e90f2719288405f1d4282c55ea  corporate/4.0/SRPMS/libxml-1.8.17-8.2.20060mlcs4.src.rpm
 26425f4e3d07a58f1b4827a783b6077b  corporate/4.0/SRPMS/libxml2-2.6.21-3.8.20060mlcs4.src.rpm

MES5 x86_64

 9436d1e3965fdf642d6dbec17fa341ad  mes5/x86_64/lib64xml1-1.8.17-14.2mdvmes5.2.x86_64.rpm
 c08042169fae24bc4e9df16374c8bb7e  mes5/x86_64/lib64xml1-devel-1.8.17-14.2mdvmes5.2.x86_64.rpm
 ad465eb0990cef9c184f5441d7e96494  mes5/x86_64/lib64xml2_2-2.7.1-1.7mdvmes5.2.x86_64.rpm
 5ac8d3dbb5a82432ade622003d2fc7f5  mes5/x86_64/lib64xml2-devel-2.7.1-1.7mdvmes5.2.x86_64.rpm
 89caf5e28075d8ab6c9267b9b3c24994  mes5/x86_64/libxml2-python-2.7.1-1.7mdvmes5.2.x86_64.rpm
 cf2f64221393aef59c831247eb43f5cb  mes5/x86_64/libxml2-utils-2.7.1-1.7mdvmes5.2.x86_64.rpm 
 ec3cfda9b1d0a101c764f91144b705b2  mes5/SRPMS/libxml-1.8.17-14.2mdvmes5.2.src.rpm
 f202196d22e25ee400bc9cc8dc4fbc7e  mes5/SRPMS/libxml2-2.7.1-1.7mdvmes5.2.src.rpm

2010.1 x86_64

 5ea2dfe12abf2f3eb7bee79de1ebeeca  2010.1/x86_64/lib64xml1-1.8.17-16.1mdv2010.2.x86_64.rpm
 17b07159ee11d98a4960f51d798c85f7  2010.1/x86_64/lib64xml1-devel-1.8.17-16.1mdv2010.2.x86_64.rpm
 0bb5a486250b26e842eba791d950037b  2010.1/x86_64/lib64xml2_2-2.7.7-1.3mdv2010.2.x86_64.rpm
 ca633e675ae7e47374cf08a4317b2a6e  2010.1/x86_64/lib64xml2-devel-2.7.7-1.3mdv2010.2.x86_64.rpm
 f86f1c06557db0dc16e9c91e3948f1b3  2010.1/x86_64/libxml2-python-2.7.7-1.3mdv2010.2.x86_64.rpm
 7643a6230845023113e69a8f8b6823e9  2010.1/x86_64/libxml2-utils-2.7.7-1.3mdv2010.2.x86_64.rpm 
 1cd36384a94985bf4d162dc3c9600f07  2010.1/SRPMS/libxml-1.8.17-16.1mdv2010.2.src.rpm
 2667d2e2762160cc57742fec24ecb9fe  2010.1/SRPMS/libxml2-2.7.7-1.3mdv2010.2.src.rpm

References