User: Password:
|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2009-8594 (libxml)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 10 Update: libxml-1.8.17-24.fc10
Date:  Sat, 15 Aug 2009 08:20:49 +0000
Message-ID:  <20090815082049.12C9F10F85B@bastion2.fedora.phx.redhat.com>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-8594 2009-08-15 07:20:42 -------------------------------------------------------------------------------- Name : libxml Product : Fedora 10 Version : 1.8.17 Release : 24.fc10 URL : http://veillard.com/XML/ Summary : Old XML library for Gnome-1 application compatibility Description : This library allows old Gnome-1 applications to manipulate XML files. -------------------------------------------------------------------------------- Update Information: This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities) -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 12 2009 Paul Howarth <paul@city-fan.org> 1:1.8.17-24 - renumber existing patches to free up low-numbered patches for EL-3 patches - add patch for CAN-2004-0110 and CAN-2004-0989 (#139090) - add patch for CVE-2009-2414 and CVE-2009-2416 (#515195, #515205) * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 1:1.8.17-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon Apr 20 2009 Paul Howarth <paul@city-fan.org> 1:1.8.17-22 - rebuild for %{_isa} provides/requires * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 1:1.8.17-21 - rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #430644 - CVE-2004-0110 libxml2 long URL causes SEGV https://bugzilla.redhat.com/show_bug.cgi?id=430644 [ 2 ] Bug #430645 - CVE-2004-0989 libxml2 various overflows https://bugzilla.redhat.com/show_bug.cgi?id=430645 [ 3 ] Bug #515195 - CVE-2009-2414 libxml, libxml2: Stack overflow by parsing root XML element DTD definition https://bugzilla.redhat.com/show_bug.cgi?id=515195 [ 4 ] Bug #515205 - CVE-2009-2416 libxml, libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types https://bugzilla.redhat.com/show_bug.cgi?id=515205 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libxml' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds