Fedora Core 2 LIBXML2 Update FEDORA-2004-353 Critical Buffer Overflow

This library allows to manipulate XML files. It includes support

to read, modify and write XML and HTML files. There is DTDs support

this includes parsing and validation even with complex DtDs, either

at parse time or later once the document has been modified. The output

can be a simple SAX stream or and in-memory DOM like representations.

In this case one can use the built-in XPath and XPointer implementation

to select subnodes or ranges. A flexible Input/Output mechanism is

available, with existing HTTP and FTP modules and combined to an

URI library.

Updated libxml2 packages fixes security vulnerabilities

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it is possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0989 to this issue.

All users are advised to upgrade to these updated packages, which contain fixes and are not vulnerable to this issue.

* Wed Oct 27 2004 Daniel Veillard <veillard@redhat.com> 2.6.15-2

- upstream release 2.6.15 see NEWS · master · GNOME / libxml2 · GitLab - incorporate a security fix for #137266 security problem

This update can be downloaded from:

18b21e3d001164d71a53d121c0fd806f SRPMS/libxml2-2.6.15-2.src.rpm 1096a0ad82686ac816a9...