LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2011-7856 (libxml)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 14 Update: libxml-1.8.17-27.fc14 


Date:
    	      Sat, 02 Jul 2011 19:27:30 +0000


Message-ID:
    	      <20110702192730.57F78110E41@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7856
2011-06-03 05:04:03
--------------------------------------------------------------------------------

Name        : libxml
Product     : Fedora 14
Version     : 1.8.17
Release     : 27.fc14
URL         : http://veillard.com/XML/
Summary     : Old XML library for Gnome-1 application compatibility
Description :
This library allows old Gnome-1 applications to manipulate XML files.

--------------------------------------------------------------------------------
Update Information:

This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to
an existing nodeset or merging nodesets). It is described in detail at
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vul...

It also fixes the broken xpath implementation, which was crashing in the regression test suite on
32-bit architectures and failing some of the tests on all architectures.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  3 2011 Paul Howarth <paul@city-fan.org> 1:1.8.17-27
- fix segfault and regressions in xpath tests
- use a patch rather than iconv to fix the ChangeLog encoding
* Thu Jun  2 2011 Paul Howarth <paul@city-fan.org> 1:1.8.17-26
- add patch for CVE-2011-1944 (#709751)
- add %check section and run regression tests (note that diffs appearing in
  the output do not cause the build to fail)
- nobody else likes macros for commands
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.8.17-25
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new
namespace node to an existing nodeset or merging nodesets
        https://bugzilla.redhat.com/show_bug.cgi?id=709747
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libxml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds