Date:         Tue, 18 Nov 2008 14:36:13 -0600
Reply-To:     Troy Dawson
Sender:       Security Errata for Scientific Linux
From:         Troy Dawson
Subject:      Security ERRATA for libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis:	Important: libxml2 security update
Issue date:	2008-11-17
CVE Names:	CVE-2008-4225 CVE-2008-4226

An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)

SL 3.0.x

      SRPMS:
libxml2-2.5.10-14.src.rpm
      i386:
libxml2-2.5.10-14.i386.rpm
libxml2-devel-2.5.10-14.i386.rpm
libxml2-python-2.5.10-14.i386.rpm
      x86_64:
libxml2-2.5.10-14.i386.rpm
libxml2-2.5.10-14.x86_64.rpm
libxml2-devel-2.5.10-14.x86_64.rpm
libxml2-python-2.5.10-14.x86_64.rpm

SL 4.x

      SRPMS:
libxml2-2.6.16-12.6.src.rpm
      i386:
libxml2-2.6.16-12.6.i386.rpm
libxml2-devel-2.6.16-12.6.i386.rpm
libxml2-python-2.6.16-12.6.i386.rpm
      x86_64:
libxml2-2.6.16-12.6.i386.rpm
libxml2-2.6.16-12.6.x86_64.rpm
libxml2-devel-2.6.16-12.6.x86_64.rpm
libxml2-python-2.6.16-12.6.x86_64.rpm

SL 5.x

      SRPMS:
libxml2-2.6.26-2.1.2.7.src.rpm
      i386:
libxml2-2.6.26-2.1.2.7.i386.rpm
libxml2-devel-2.6.26-2.1.2.7.i386.rpm
libxml2-python-2.6.26-2.1.2.7.i386.rpm
      x86_64:
libxml2-2.6.26-2.1.2.7.i386.rpm
libxml2-2.6.26-2.1.2.7.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.7.i386.rpm
libxml2-devel-2.6.26-2.1.2.7.x86_64.rpm
libxml2-python-2.6.26-2.1.2.7.x86_64.rpm

-Connie Sieh
-Troy Dawson
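
To confirm that a host carries the fixed builds listed above, including the i386 libxml2 that the x86_64 lists ship next to the 64-bit package, this added example (not part of the original errata mail) checks the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` against those versions. The release keys (`SL3`, `SL4`, `SL5`), the sample package list and the simplified version comparison (no epoch handling) are assumptions made for the illustration.

```python
import re

# Fixed libxml2 builds (version-release) per release, copied from the advisory.
FIXED = {"SL3": "2.5.10-14", "SL4": "2.6.16-12.6", "SL5": "2.6.26-2.1.2.7"}
PACKAGES = ("libxml2", "libxml2-devel", "libxml2-python")

def vercmp(a, b):
    """Simplified rpm-style ordering: compare digit/letter runs left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 12.10 is newer than 12.6
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(sl_release, ver, rel):
    """True if ver-rel is at or above the errata build for that SL release."""
    fver, frel = FIXED[sl_release].split("-")
    return (vercmp(ver, fver) or vercmp(rel, frel)) >= 0

def audit(sl_release, rpm_qa_lines):
    """Return installed libxml2 packages that are older than the errata build."""
    stale = []
    for line in (l.strip() for l in rpm_qa_lines):
        if not line.startswith("libxml2-"):
            continue
        nvr, _arch = line.rsplit(".", 1)        # strip the architecture suffix
        name, ver, rel = nvr.rsplit("-", 2)     # name may itself contain '-'
        if name in PACKAGES and not is_fixed(sl_release, ver, rel):
            stale.append(line)
    return stale

# Constructed sample: an SL5 x86_64 host where only the 64-bit library was
# updated and the multilib i386 copy was left behind (release 2.1.2.6 is made up).
SAMPLE_RPM_QA = [
    "libxml2-2.6.26-2.1.2.7.x86_64",
    "libxml2-2.6.26-2.1.2.6.i386",
    "libxml2-python-2.6.26-2.1.2.7.x86_64",
    "zlib-1.2.3-3.x86_64",
]

if __name__ == "__main__":
    for pkg in audit("SL5", SAMPLE_RPM_QA):
        print("still vulnerable:", pkg)
```

Long-running processes that loaded the old library keep using it until they are restarted, so a clean audit result does not cover services started before the update.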
