Scientific Linux: CVE-2012-5134 Important libxml2 Update for Crash Risk

Important: libxml2 security update
Date: Thu, 29 Nov 2012 15:44:31 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Important: libxml2 on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: libxml2 security update
Issue Date: 2012-11-29
CVE Numbers: CVE-2012-5134
--

A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL5
 x86_64
 libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-2.6.26-2.1.15.el5_8.6.x86_64.rpm
 libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.x86_64.rpm
 libxml2-python-2.6.26-2.1.15.el5_8.6.x86_64.rpm
 libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-devel-2.6.26-2.1.15.el5_8.6.x86_64.rpm
 i386
 libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-python-2.6.26-2.1.15.el5_8.6.i386.rpm
 libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm
SL6
 x86_64
 libxml2-2.7.6-8.el6_3.4.i686.rpm
 libxml2-2.7.6-8.el6_3.4.x86_64.rpm
 libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm
 libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm
 libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm
 libxml2-devel-2.7.6-8.el6_3.4.i686.rpm
 libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm
 libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm
 i386
 libxml2-2.7.6-8.el6_3.4.i686.rpm
 libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm
 libxml2-python-2.7.6-8.el6_3.4.i686.rpm
 libxml2-devel-2.7.6-8.el6_3.4.i686.rpm
 libxml2-static-2.7.6-8.el6_3.4.i686.rpm

- Scientific Linux Development Team