LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Scientific Linux alert SL-libx-20121129 (libxml2)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      "SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV"
	<SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV> 


Subject:
    	      Security ERRATA Important: libxml2 on SL5.x, SL6.x i386/x86_64 


Date:
    	      Thu, 29 Nov 2012 15:44:31 -0600


Message-ID:
    	      <50B7D73F.4060105@fnal.gov>


Archive-link:
    	      Article, Thread
              


Synopsis:          Important: libxml2 security update
Issue Date:        2012-11-29
CVE Numbers:       CVE-2012-5134
--

A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL5
   x86_64
     libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-2.6.26-2.1.15.el5_8.6.x86_64.rpm
     libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.x86_64.rpm
     libxml2-python-2.6.26-2.1.15.el5_8.6.x86_64.rpm
     libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-devel-2.6.26-2.1.15.el5_8.6.x86_64.rpm
   i386
     libxml2-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-debuginfo-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-python-2.6.26-2.1.15.el5_8.6.i386.rpm
     libxml2-devel-2.6.26-2.1.15.el5_8.6.i386.rpm
SL6
   x86_64
     libxml2-2.7.6-8.el6_3.4.i686.rpm
     libxml2-2.7.6-8.el6_3.4.x86_64.rpm
     libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm
     libxml2-debuginfo-2.7.6-8.el6_3.4.x86_64.rpm
     libxml2-python-2.7.6-8.el6_3.4.x86_64.rpm
     libxml2-devel-2.7.6-8.el6_3.4.i686.rpm
     libxml2-devel-2.7.6-8.el6_3.4.x86_64.rpm
     libxml2-static-2.7.6-8.el6_3.4.x86_64.rpm
   i386
     libxml2-2.7.6-8.el6_3.4.i686.rpm
     libxml2-debuginfo-2.7.6-8.el6_3.4.i686.rpm
     libxml2-python-2.7.6-8.el6_3.4.i686.rpm
     libxml2-devel-2.7.6-8.el6_3.4.i686.rpm
     libxml2-static-2.7.6-8.el6_3.4.i686.rpm

- Scientific Linux Development Team
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds