What Are You Looking For?

Sign Up
Date:         Tue, 11 Aug 2009 14:23:51 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Moderate: libxml and libxml2 on SL3.x, SL4.x,
              SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Moderate: libxml and libxml2 security update
Issue date:	2009-08-10
CVE Names:	CVE-2009-2414 CVE-2009-2416

CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by 
parsing root XML element DTD definition
CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free 
flaws by parsing Notation and Enumeration attribute types

A stack overflow flaw was found in the way libxml processes the root XML
document element definition in a DTD. A remote attacker could provide a
specially-crafted XML file, which once opened by a local, unsuspecting
user, would lead to denial of service (application crash). (CVE-2009-2414)

Multiple use-after-free flaws were found in the way libxml parses the
Notation and Enumeration attribute types. A remote attacker could provid
a specially-crafted XML file, which once opened by a local, unsuspecting
user, would lead to denial of service (application crash). (CVE-2009-2416)

The desktop must be restarted (log out, then log back in) for this 
update to take effect.

SL 3.0.x

       SRPMS:
libxml-1.8.17-9.3.src.rpm
libxml2-2.5.10-15.src.rpm
       i386:
libxml-1.8.17-9.3.i386.rpm
libxml2-2.5.10-15.i386.rpm
libxml2-devel-2.5.10-15.i386.rpm
libxml2-python-2.5.10-15.i386.rpm
libxml-devel-1.8.17-9.3.i386.rpm
       x86_64:
libxml-1.8.17-9.3.i386.rpm
libxml-1.8.17-9.3.x86_64.rpm
libxml2-2.5.10-15.i386.rpm
libxml2-2.5.10-15.x86_64.rpm
libxml2-devel-2.5.10-15.x86_64.rpm
libxml2-python-2.5.10-15.x86_64.rpm
libxml-devel-1.8.17-9.3.x86_64.rpm

SL 4.x

       SRPMS:
libxml2-2.6.16-12.7.src.rpm
       i386:
libxml2-2.6.16-12.7.i386.rpm
libxml2-devel-2.6.16-12.7.i386.rpm
libxml2-python-2.6.16-12.7.i386.rpm
       x86_64:
libxml2-2.6.16-12.7.i386.rpm
libxml2-2.6.16-12.7.x86_64.rpm
libxml2-devel-2.6.16-12.7.x86_64.rpm
libxml2-python-2.6.16-12.7.x86_64.rpm

SL 5.x

       SRPMS:
libxml2-2.6.26-2.1.2.8.src.rpm
       i386:
libxml2-2.6.26-2.1.2.8.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.i386.rpm
libxml2-python-2.6.26-2.1.2.8.i386.rpm
       x86_64:
libxml2-2.6.26-2.1.2.8.i386.rpm
libxml2-2.6.26-2.1.2.8.x86_64.rpm
libxml2-devel-2.6.26-2.1.2.8.i386.rpm
libxml2-devel-2.6.26-2.1.2.8.x86_64.rpm
libxml2-python-2.6.26-2.1.2.8.x86_64.rpm


-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-2414 Moderate: libxml and libxml2 SL3.x, SL4.x,

Moderate: libxml and libxml2 security update

Summary

Date:         Tue, 11 Aug 2009 14:23:51 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Moderate: libxml and libxml2 on SL3.x, SL4.x,              SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Moderate: libxml and libxml2 security updateIssue date:	2009-08-10CVE Names:	CVE-2009-2414 CVE-2009-2416CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definitionCVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute typesA stack overflow flaw was found in the way libxml processes the root XMLdocument element definition in a DTD. A remote attacker could provide aspecially-crafted XML file, which once opened by a local, unsuspectinguser, would lead to denial of service (application crash). (CVE-2009-2414)Multiple use-after-free flaws were found in the way libxml parses theNotation and Enumeration attribute types. A remote attacker could provida specially-crafted XML file, which once opened by a local, unsuspectinguser, would lead to denial of service (application crash). (CVE-2009-2416)The desktop must be restarted (log out, then log back in) for this update to take effect.SL 3.0.x       SRPMS:libxml-1.8.17-9.3.src.rpmlibxml2-2.5.10-15.src.rpm       i386:libxml-1.8.17-9.3.i386.rpmlibxml2-2.5.10-15.i386.rpmlibxml2-devel-2.5.10-15.i386.rpmlibxml2-python-2.5.10-15.i386.rpmlibxml-devel-1.8.17-9.3.i386.rpm       x86_64:libxml-1.8.17-9.3.i386.rpmlibxml-1.8.17-9.3.x86_64.rpmlibxml2-2.5.10-15.i386.rpmlibxml2-2.5.10-15.x86_64.rpmlibxml2-devel-2.5.10-15.x86_64.rpmlibxml2-python-2.5.10-15.x86_64.rpmlibxml-devel-1.8.17-9.3.x86_64.rpmSL 4.x       SRPMS:libxml2-2.6.16-12.7.src.rpm       i386:libxml2-2.6.16-12.7.i386.rpmlibxml2-devel-2.6.16-12.7.i386.rpmlibxml2-python-2.6.16-12.7.i386.rpm       x86_64:libxml2-2.6.16-12.7.i386.rpmlibxml2-2.6.16-12.7.x86_64.rpmlibxml2-devel-2.6.16-12.7.x86_64.rpmlibxml2-python-2.6.16-12.7.x86_64.rpmSL 5.x       SRPMS:libxml2-2.6.26-2.1.2.8.src.rpm       i386:libxml2-2.6.26-2.1.2.8.i386.rpmlibxml2-devel-2.6.26-2.1.2.8.i386.rpmlibxml2-python-2.6.26-2.1.2.8.i386.rpm       x86_64:libxml2-2.6.26-2.1.2.8.i386.rpmlibxml2-2.6.26-2.1.2.8.x86_64.rpmlibxml2-devel-2.6.26-2.1.2.8.i386.rpmlibxml2-devel-2.6.26-2.1.2.8.x86_64.rpmlibxml2-python-2.6.26-2.1.2.8.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali vs. ParrotOS: 2 Versatile Linux Distros for Security Pros

Dec 9, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo