Debian 3.0 DSA 582-1 Critical: Libxml Remote Code Execution
debian
November 2, 2004
"infamous41md" discovered several buffer overflows in libxml and libxml2, the XML C parser and toolkits for GNOME
Topics Covered
Summary
"infamous41md" discovered several buffer overflows in libxml and
libxml2, the XML C parser and toolkits for GNOME. Missing boundary
checks could cause several buffers to be overflown, which may cause
the client to execute arbitrary code.
The following vulnerability matrix lists corrected versions of these
libraries:
For the stable distribution (woody) these problems have been fixed in
version 1.8.17-2woody2 of libxml and in version 2.4.19-4woody2 of
libxml2.
For the unstable distribution (sid) these problems have been fixed in
version 1.8.17-9 of libxml and in version 2.6.11-5 of libxml2.
These problems have also been fixed in version 2.6.15-1 of libxml2 in
the experimental distribution.
We recommend that you upgrade your libxml packages.
Upgrade Instructions
--------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will upda...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: libxml, libxml2
CVE ID: CAN-2004-0989
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!