Linux Security
    Linux Security
    Linux Security

    Debian: DSA-2128-1: New libxml2 packages fix potential code execution

    Date 01 Dec 2010
    146
    Posted By LinuxSecurity Advisories
    Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not well process a malformed XPATH, causing crash and allowing arbitrary code execution.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2128-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                        Giuseppe Iuculano
    December 01, 2010                     https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : libxml2
    Vulnerability  : invalid memory access
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2010-4008
    
    Bui Quang Minh discovered that libxml2, a library for parsing and
    handling XML data files, does not well process a malformed XPATH,
    causing crash and allowing arbitrary code execution.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.6.32.dfsg-5+lenny2.
    
    For the testing (squeeze) and unstable (sid) distribution, this problem
    has been fixed in version 2.7.8.dfsg-1.
    
    We recommend that you upgrade your libxml2 package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz
        Size/MD5 checksum:  3425843 bb11c95674e775b791dab2d15e630fa4
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.dsc
        Size/MD5 checksum:     1985 e1a498ed2e38225c5d10aaf834d9e0b9
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.diff.gz
        Size/MD5 checksum:    83947 7af1ff46c9cacd57e7f977b295b39084
    
    Architecture independent packages:
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny2_all.deb
        Size/MD5 checksum:  1307172 ceec72214783bdfc9d7643ea31a61d50
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_alpha.deb
        Size/MD5 checksum:   920664 429d086d4861511c6d9130bd7a165698
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
        Size/MD5 checksum:   856680 fccba5f6884b74e873730e3140e0bad5
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_alpha.deb
        Size/MD5 checksum:   920616 33f850cafef51a45ef04714c9900e737
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
        Size/MD5 checksum:   292784 2f2ad873f9f50a0400960264ba823aec
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_alpha.deb
        Size/MD5 checksum:    38026 e3f0bf3fe0f804bcd39df854e420cee6
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_amd64.deb
        Size/MD5 checksum:   988474 ea406c325fe1d3cf8e80eed39ff61f7e
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
        Size/MD5 checksum:   295940 2a1754d35048a827dfeac4ee25f238d5
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_amd64.deb
        Size/MD5 checksum:    37328 0b6af9c052e005c439658215027eeead
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_amd64.deb
        Size/MD5 checksum:   774114 0c714b77c96e4d840048edbce00d959f
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
        Size/MD5 checksum:   860726 cf7d9638a12709f527898f9c91ec389d
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_arm.deb
        Size/MD5 checksum:   246210 484d790396e82318e4eb5e38903497d9
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_arm.deb
        Size/MD5 checksum:   898986 5cbab6f3b7fa8df4a406d03eaa5762a2
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_arm.deb
        Size/MD5 checksum:   685530 9b9ea967472806e4f4b0d713d7198706
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_arm.deb
        Size/MD5 checksum:   782546 1dec5ad219c1f69439936f172323b4d3
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_arm.deb
        Size/MD5 checksum:    35174 f15d1f05b68e8299b2084315feea6078
    
    armel architecture (ARM EABI)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_armel.deb
        Size/MD5 checksum:   247756 4809a4f17729bfec952e25aeff5f612b
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_armel.deb
        Size/MD5 checksum:   906754 ee3e37855a6699771d3612180632a1df
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_armel.deb
        Size/MD5 checksum:   790732 0df793cc442fd5aff099c60852cfd031
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_armel.deb
        Size/MD5 checksum:    34258 95bb668363b085e6fea0848444ff0a42
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_armel.deb
        Size/MD5 checksum:   692210 acb1820adf968e8011d16b94cdc6d18c
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_hppa.deb
        Size/MD5 checksum:   867348 656a379b6cd2f3bc167c4c580f4f9588
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_hppa.deb
        Size/MD5 checksum:   300124 646af54075ce65b1f318773e55f3b8ae
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_hppa.deb
        Size/MD5 checksum:    36974 6595d5ef74d9710d4498159da8fe8879
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_hppa.deb
        Size/MD5 checksum:   931526 94752ea0ec5e56c0ce2bfa6fd8ffc7c2
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_hppa.deb
        Size/MD5 checksum:   889446 3342e94f7cb0f5c89f4a95969750d6fe
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_i386.deb
        Size/MD5 checksum:   264698 ce75352a38803aa7d94111c44ccc7a30
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_i386.deb
        Size/MD5 checksum:   945316 95cf7cbbb06087b7f18c52f897b4ba78
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_i386.deb
        Size/MD5 checksum:   814750 df1f647ba1306ce5138b50f06089d3db
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_i386.deb
        Size/MD5 checksum:   698690 4e54bd82a4b679478806da0e14212268
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_i386.deb
        Size/MD5 checksum:    33754 92c4c50e1a3f6160ab72316d1cf678ba
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_ia64.deb
        Size/MD5 checksum:    48096 df26f8dc1b4e78de97d22fb6f328844d
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_ia64.deb
        Size/MD5 checksum:  1144394 8a3e9d36f7bcebc74fe83f2f602197c6
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_ia64.deb
        Size/MD5 checksum:  1150678 6efac0dc67e48b20922bc321ad14b1ed
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_ia64.deb
        Size/MD5 checksum:   926300 8381127e0f7f55f23a5a798ec6a043b5
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_ia64.deb
        Size/MD5 checksum:   320066 c18be638d183a965bcff61cbef015b44
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_mipsel.deb
        Size/MD5 checksum:   975846 27602acbf39c6086b0ccccc2a075888c
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb
        Size/MD5 checksum:   809424 62a1a3153b1f2898bd36914b9d953a59
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_mipsel.deb
        Size/MD5 checksum:   821888 df10f6c3fa7dd05d6aeba73b8a82fe7a
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_mipsel.deb
        Size/MD5 checksum:    34188 489be157e2061a3e958a1c9693f6fb07
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb
        Size/MD5 checksum:   252622 ffe51c47bcaa9883addae4da42850e8a
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_powerpc.deb
        Size/MD5 checksum:   950566 3ad6dc272c21e8f849fb06cca054dcd6
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_powerpc.deb
        Size/MD5 checksum:    42054 1b29e288243c30441833b359a36cd09f
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb
        Size/MD5 checksum:   834730 e79241dec4e3e7328e305a8fb0505d18
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb
        Size/MD5 checksum:   285718 df9b1705a6faea8bd1a3f0db9464f4c1
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_powerpc.deb
        Size/MD5 checksum:   789938 1831f4e506ea36d5d6dbf4af3864835e
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_s390.deb
        Size/MD5 checksum:    38078 b238d71479ae8c7dfdce22b7b96e96f6
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_s390.deb
        Size/MD5 checksum:   297668 87fc74097472950250bdef49cfc1401d
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_s390.deb
        Size/MD5 checksum:   854128 bba7607e556f4d03578a6fd7b206c542
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_s390.deb
        Size/MD5 checksum:   762632 aaf2e13c002c2128fd8f06b49e8b0079
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_s390.deb
        Size/MD5 checksum:   968000 20682a3eddbc11161cabe014eb67cc2f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_sparc.deb
        Size/MD5 checksum:    36538 c94d075d63dfa8c35cdca960d12e1ba7
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_sparc.deb
        Size/MD5 checksum:   845248 9b9da876e13164f4346e7efcf9b94a96
      https://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_sparc.deb
        Size/MD5 checksum:   279186 1f5a7299a4c7fbf27d73d017909679e9
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_sparc.deb
        Size/MD5 checksum:   727602 b1b0633a4bdb40f1e0a341a1b86c812c
      https://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_sparc.deb
        Size/MD5 checksum:   803608 8a339109db809222dd0dd9e795062fa2
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.