Package name
libxml2
Date
2008-11-18
Advisory ID
MDVSA-2008:231
Affected versions
2009.0 x86_64, CS4.0 x86_64, 2008.0 i586, 2009.0 i586, CS3.0 x86_64, 2008.0 x86_64, CS3.0 i586, 2008.1 x86_64, 2008.1 i586, CS4.0 i586

Problem description

Drew Yao of the Apple Product Security Team found two flaws in libxml2.
The first is a denial of service flaw in libxml2's XML parser. If an
application linked against libxml2 were to process certain malformed
XML content, it could cause the application to enter an infinite loop
(CVE-2008-4225).

The second is an integer overflow that caused a heap-based buffer
overflow in libxml2's XML parser. If an application linked against
libxml2 were to process certain malformed XML content, it could
cause the application to crash or possibly execute arbitrary code
(CVE-2008-4226).

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 feabb6613a0f1d0df75c4a57ed000494  2009.0/x86_64/lib64xml2_2-2.7.1-1.2mdv2009.0.x86_64.rpm
 43e173c2b5214d139e802674e4bc1fd1  2009.0/x86_64/lib64xml2-devel-2.7.1-1.2mdv2009.0.x86_64.rpm
 ecdb43a0277011f31d1bd228f1df080f  2009.0/x86_64/libxml2-python-2.7.1-1.2mdv2009.0.x86_64.rpm
 c7dc1480b3db4b0f10bc41061e9ca513  2009.0/x86_64/libxml2-utils-2.7.1-1.2mdv2009.0.x86_64.rpm 
 a559631e1c75f2f970a22afe32f5e5bd  2009.0/SRPMS/libxml2-2.7.1-1.2mdv2009.0.src.rpm

CS4.0 x86_64

 76e14470992b30d82531480c8bdefe80  corporate/4.0/x86_64/lib64xml2-2.6.21-3.5.20060mlcs4.x86_64.rpm
 e03fef73317cee0661edcf9d3bcf2b00  corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.5.20060mlcs4.x86_64.rpm
 b245be7c27e1d4a6631e9de44a716ddd  corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.5.20060mlcs4.x86_64.rpm
 5c3e8747a73062af824d70b83818e45a  corporate/4.0/x86_64/libxml2-utils-2.6.21-3.5.20060mlcs4.x86_64.rpm 
 574023fc66ddd864ba92102e82072f70  corporate/4.0/SRPMS/libxml2-2.6.21-3.5.20060mlcs4.src.rpm

2008.0 i586

 71a9b4c8f5248b988ca008c213196640  2008.0/i586/libxml2_2-2.6.30-1.5mdv2008.0.i586.rpm
 163076d3b60d4bf08174d0a270588021  2008.0/i586/libxml2-devel-2.6.30-1.5mdv2008.0.i586.rpm
 7b25013141a60bb5d858f5df395fa0bf  2008.0/i586/libxml2-python-2.6.30-1.5mdv2008.0.i586.rpm
 db1cd5648e65f1d0f91c17e5ea2eec03  2008.0/i586/libxml2-utils-2.6.30-1.5mdv2008.0.i586.rpm 
 7c3f9222ad55cfa0fb31817f32eb4985  2008.0/SRPMS/libxml2-2.6.30-1.5mdv2008.0.src.rpm

2009.0 i586

 83880aaa23cb8733fe8f22994eb60307  2009.0/i586/libxml2_2-2.7.1-1.2mdv2009.0.i586.rpm
 2e0bef0124aa53ad92db2d0d405482d8  2009.0/i586/libxml2-devel-2.7.1-1.2mdv2009.0.i586.rpm
 7e876ac1082e4bae1636d5c14191523a  2009.0/i586/libxml2-python-2.7.1-1.2mdv2009.0.i586.rpm
 a59ed2ad792a6abb3f39e35f27c79e02  2009.0/i586/libxml2-utils-2.7.1-1.2mdv2009.0.i586.rpm 
 a559631e1c75f2f970a22afe32f5e5bd  2009.0/SRPMS/libxml2-2.7.1-1.2mdv2009.0.src.rpm

CS3.0 x86_64

 98b4b68e8aa4ce9a3e2060118153f439  corporate/3.0/x86_64/lib64xml2-2.6.6-1.6.C30mdk.x86_64.rpm
 33e2c8678bab516a5d48a6973e7b1cfe  corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.6.C30mdk.x86_64.rpm
 92eddeb37ff21bec085e6f54e44c88dd  corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.6.C30mdk.x86_64.rpm
 1138b99907d100b83cdfffcfce35be4b  corporate/3.0/x86_64/libxml2-utils-2.6.6-1.6.C30mdk.x86_64.rpm 
 8f6860070e152e5edaac7bfa86fc875f  corporate/3.0/SRPMS/libxml2-2.6.6-1.6.C30mdk.src.rpm

2008.0 x86_64

 67b39168175be18091dfb82cb024e513  2008.0/x86_64/lib64xml2_2-2.6.30-1.5mdv2008.0.x86_64.rpm
 c1240bde112946c6bd76cd70b949ad11  2008.0/x86_64/lib64xml2-devel-2.6.30-1.5mdv2008.0.x86_64.rpm
 df89b0508f0c0767c13e66af3d1c2036  2008.0/x86_64/libxml2-python-2.6.30-1.5mdv2008.0.x86_64.rpm
 fd8ba653d5ed001e6b2e1240576087e4  2008.0/x86_64/libxml2-utils-2.6.30-1.5mdv2008.0.x86_64.rpm 
 7c3f9222ad55cfa0fb31817f32eb4985  2008.0/SRPMS/libxml2-2.6.30-1.5mdv2008.0.src.rpm

CS3.0 i586

 974d88697726c14617528f4ed84c5608  corporate/3.0/i586/libxml2-2.6.6-1.6.C30mdk.i586.rpm
 72f9e2fc81d89796c13300fefea98e99  corporate/3.0/i586/libxml2-devel-2.6.6-1.6.C30mdk.i586.rpm
 e5c6a6f29343d80767524408dd102862  corporate/3.0/i586/libxml2-python-2.6.6-1.6.C30mdk.i586.rpm
 72a18b737d538e2d230f08aca82b5c5e  corporate/3.0/i586/libxml2-utils-2.6.6-1.6.C30mdk.i586.rpm 
 8f6860070e152e5edaac7bfa86fc875f  corporate/3.0/SRPMS/libxml2-2.6.6-1.6.C30mdk.src.rpm

2008.1 x86_64

 a094032ece09aeaa09a3f2df2e6456a7  2008.1/x86_64/lib64xml2_2-2.6.31-1.4mdv2008.1.x86_64.rpm
 072e110afb79c6c30c75c575cdd1f5a6  2008.1/x86_64/lib64xml2-devel-2.6.31-1.4mdv2008.1.x86_64.rpm
 ef29f5cea22893d86c6a931314da13e3  2008.1/x86_64/libxml2-python-2.6.31-1.4mdv2008.1.x86_64.rpm
 418799ac3809b5a5f669934aa239785a  2008.1/x86_64/libxml2-utils-2.6.31-1.4mdv2008.1.x86_64.rpm 
 42f39fe32cffebaf6131084eca88078e  2008.1/SRPMS/libxml2-2.6.31-1.4mdv2008.1.src.rpm

2008.1 i586

 d1d556acfd6359e7b0744f5031debc4e  2008.1/i586/libxml2_2-2.6.31-1.4mdv2008.1.i586.rpm
 151a4fa3c3157fe5e1454bf731f6127e  2008.1/i586/libxml2-devel-2.6.31-1.4mdv2008.1.i586.rpm
 b751e039a46257e84f2e4fe4c3317073  2008.1/i586/libxml2-python-2.6.31-1.4mdv2008.1.i586.rpm
 718b49035deee4c364a6f57fee63e56f  2008.1/i586/libxml2-utils-2.6.31-1.4mdv2008.1.i586.rpm 
 42f39fe32cffebaf6131084eca88078e  2008.1/SRPMS/libxml2-2.6.31-1.4mdv2008.1.src.rpm

CS4.0 i586

 60ec0660197f4aff533b41baa28bcf75  corporate/4.0/i586/libxml2-2.6.21-3.5.20060mlcs4.i586.rpm
 9b081c51f489920a806e1f220ec84093  corporate/4.0/i586/libxml2-devel-2.6.21-3.5.20060mlcs4.i586.rpm
 9170a2fc6453bb760a189a0ef43eea8b  corporate/4.0/i586/libxml2-python-2.6.21-3.5.20060mlcs4.i586.rpm
 f29d2ee1dc29c74afad720b82d07d632  corporate/4.0/i586/libxml2-utils-2.6.21-3.5.20060mlcs4.i586.rpm 
 574023fc66ddd864ba92102e82072f70  corporate/4.0/SRPMS/libxml2-2.6.21-3.5.20060mlcs4.src.rpm

References