
Security: Execution of arbitrary commands in libxml
Name: Execution of arbitrary commands in libxml
ID: MDVSA-2011:131
Distribution: Mandriva
Platforms: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Date: Mon, September 5, 2011, 13:27
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
Applications: libxml2

Original message


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:131
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libxml
Date : September 5, 2011
Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in
libxml/libxml2:

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x
through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted XML file that triggers a heap-based
buffer overflow when adding a new namespace node, related to handling
of XPath expressions (CVE-2011-1944).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
91a56eed57c4c5334b06dfa08cbc71c3
2009.0/i586/libxml1-1.8.17-14.2mdv2009.0.i586.rpm
4b302ddcc4ec729431381b55b2a7f0f5
2009.0/i586/libxml1-devel-1.8.17-14.2mdv2009.0.i586.rpm
07da42454f8b366c4eaad9c3454c0169
2009.0/i586/libxml2_2-2.7.1-1.7mdv2009.0.i586.rpm
2f1a7997a3b3d990beb1920958c5e653
2009.0/i586/libxml2-devel-2.7.1-1.7mdv2009.0.i586.rpm
088b45969e6ed600061f1443d66b8e03
2009.0/i586/libxml2-python-2.7.1-1.7mdv2009.0.i586.rpm
4388c61a1fd0e29253788b5b0ed50b9f
2009.0/i586/libxml2-utils-2.7.1-1.7mdv2009.0.i586.rpm
0832d7b58dff4e3bebe76f32e0c7ce99
2009.0/SRPMS/libxml-1.8.17-14.2mdv2009.0.src.rpm
06353372b3a8416494b67dd4ee0f1124
2009.0/SRPMS/libxml2-2.7.1-1.7mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
a671a890dcfe6acb098b0ef93b3a7277
2009.0/x86_64/lib64xml1-1.8.17-14.2mdv2009.0.x86_64.rpm
8bcf9273a93a4d2d8092b128a3ba9b6b
2009.0/x86_64/lib64xml1-devel-1.8.17-14.2mdv2009.0.x86_64.rpm
ca24cc56951cdaad1e91e49aab41b1e0
2009.0/x86_64/lib64xml2_2-2.7.1-1.7mdv2009.0.x86_64.rpm
cef2fec84782932f31a33e5ea03296d5
2009.0/x86_64/lib64xml2-devel-2.7.1-1.7mdv2009.0.x86_64.rpm
9d9982274c97538eaea39f84a2e59348
2009.0/x86_64/libxml2-python-2.7.1-1.7mdv2009.0.x86_64.rpm
52af9613cb44df27be47c9ed836f1a62
2009.0/x86_64/libxml2-utils-2.7.1-1.7mdv2009.0.x86_64.rpm
0832d7b58dff4e3bebe76f32e0c7ce99
2009.0/SRPMS/libxml-1.8.17-14.2mdv2009.0.src.rpm
06353372b3a8416494b67dd4ee0f1124
2009.0/SRPMS/libxml2-2.7.1-1.7mdv2009.0.src.rpm

Mandriva Linux 2010.1:
fe18b539e7c96fd88579e468b61a998d
2010.1/i586/libxml1-1.8.17-16.1mdv2010.2.i586.rpm
613776b0f23dc278ac80a5f55a4895c4
2010.1/i586/libxml1-devel-1.8.17-16.1mdv2010.2.i586.rpm
48a053d4bd69449ad6b946e8c944b6db
2010.1/i586/libxml2_2-2.7.7-1.3mdv2010.2.i586.rpm
2642e7a2bd1f5173581808b8639ce843
2010.1/i586/libxml2-devel-2.7.7-1.3mdv2010.2.i586.rpm
8c438c598bee68ff0014e1d7bb0e2025
2010.1/i586/libxml2-python-2.7.7-1.3mdv2010.2.i586.rpm
4b886076f75ff7e935fff0c0857fad50
2010.1/i586/libxml2-utils-2.7.7-1.3mdv2010.2.i586.rpm
1cd36384a94985bf4d162dc3c9600f07
2010.1/SRPMS/libxml-1.8.17-16.1mdv2010.2.src.rpm
2667d2e2762160cc57742fec24ecb9fe
2010.1/SRPMS/libxml2-2.7.7-1.3mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
5ea2dfe12abf2f3eb7bee79de1ebeeca
2010.1/x86_64/lib64xml1-1.8.17-16.1mdv2010.2.x86_64.rpm
17b07159ee11d98a4960f51d798c85f7
2010.1/x86_64/lib64xml1-devel-1.8.17-16.1mdv2010.2.x86_64.rpm
0bb5a486250b26e842eba791d950037b
2010.1/x86_64/lib64xml2_2-2.7.7-1.3mdv2010.2.x86_64.rpm
ca633e675ae7e47374cf08a4317b2a6e
2010.1/x86_64/lib64xml2-devel-2.7.7-1.3mdv2010.2.x86_64.rpm
f86f1c06557db0dc16e9c91e3948f1b3
2010.1/x86_64/libxml2-python-2.7.7-1.3mdv2010.2.x86_64.rpm
7643a6230845023113e69a8f8b6823e9
2010.1/x86_64/libxml2-utils-2.7.7-1.3mdv2010.2.x86_64.rpm
1cd36384a94985bf4d162dc3c9600f07
2010.1/SRPMS/libxml-1.8.17-16.1mdv2010.2.src.rpm
2667d2e2762160cc57742fec24ecb9fe
2010.1/SRPMS/libxml2-2.7.7-1.3mdv2010.2.src.rpm

Corporate 4.0:
402c97c08d9bf2ba42d0504a8ff33005
corporate/4.0/i586/libxml1-1.8.17-8.2.20060mlcs4.i586.rpm
985da139b830931af9722d0c5d312294
corporate/4.0/i586/libxml1-devel-1.8.17-8.2.20060mlcs4.i586.rpm
43cec07af16e82483b6427b1b3b4332d
corporate/4.0/i586/libxml2-2.6.21-3.8.20060mlcs4.i586.rpm
d57401514fed3d02a97c6e1f8de9c2ed
corporate/4.0/i586/libxml2-devel-2.6.21-3.8.20060mlcs4.i586.rpm
62dc3d0c18468831cabb88f0df1ea876
corporate/4.0/i586/libxml2-python-2.6.21-3.8.20060mlcs4.i586.rpm
9d13363c56340d67f12968961c89af02
corporate/4.0/i586/libxml2-utils-2.6.21-3.8.20060mlcs4.i586.rpm
22ce70e90f2719288405f1d4282c55ea
corporate/4.0/SRPMS/libxml-1.8.17-8.2.20060mlcs4.src.rpm
26425f4e3d07a58f1b4827a783b6077b
corporate/4.0/SRPMS/libxml2-2.6.21-3.8.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
92ef0e8a9d2448cd24a85f4d7a35190b
corporate/4.0/x86_64/lib64xml1-1.8.17-8.2.20060mlcs4.x86_64.rpm
bd6f5650ff6cde96c05c3f4c5a09440b
corporate/4.0/x86_64/lib64xml1-devel-1.8.17-8.2.20060mlcs4.x86_64.rpm
6c05200933b04e0f0f71b7600de61189
corporate/4.0/x86_64/lib64xml2-2.6.21-3.8.20060mlcs4.x86_64.rpm
6756b137efaebf0b1419520fc9902054
corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.8.20060mlcs4.x86_64.rpm
cea73dd9d481f07246a0664b142dd45d
corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.8.20060mlcs4.x86_64.rpm
e2637f851df5fd149c5401417cb73896
corporate/4.0/x86_64/libxml2-utils-2.6.21-3.8.20060mlcs4.x86_64.rpm
22ce70e90f2719288405f1d4282c55ea
corporate/4.0/SRPMS/libxml-1.8.17-8.2.20060mlcs4.src.rpm
26425f4e3d07a58f1b4827a783b6077b
corporate/4.0/SRPMS/libxml2-2.6.21-3.8.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
c03b908359fb7ef82e44dc59edc13b47
mes5/i586/libxml1-1.8.17-14.2mdvmes5.2.i586.rpm
30267679811b29923781a45ae90190e7
mes5/i586/libxml1-devel-1.8.17-14.2mdvmes5.2.i586.rpm
4241bca8cc29970da37cdffb2a8d6103
mes5/i586/libxml2_2-2.7.1-1.7mdvmes5.2.i586.rpm
b32c170ab352b018752bd0c43b35bb94
mes5/i586/libxml2-devel-2.7.1-1.7mdvmes5.2.i586.rpm
1e0d8a63466d2268dc282cf87124d47e
mes5/i586/libxml2-python-2.7.1-1.7mdvmes5.2.i586.rpm
933577bbf7b4053a0fb464900fe33c9b
mes5/i586/libxml2-utils-2.7.1-1.7mdvmes5.2.i586.rpm
ec3cfda9b1d0a101c764f91144b705b2
mes5/SRPMS/libxml-1.8.17-14.2mdvmes5.2.src.rpm
f202196d22e25ee400bc9cc8dc4fbc7e
mes5/SRPMS/libxml2-2.7.1-1.7mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9436d1e3965fdf642d6dbec17fa341ad
mes5/x86_64/lib64xml1-1.8.17-14.2mdvmes5.2.x86_64.rpm
c08042169fae24bc4e9df16374c8bb7e
mes5/x86_64/lib64xml1-devel-1.8.17-14.2mdvmes5.2.x86_64.rpm
ad465eb0990cef9c184f5441d7e96494
mes5/x86_64/lib64xml2_2-2.7.1-1.7mdvmes5.2.x86_64.rpm
5ac8d3dbb5a82432ade622003d2fc7f5
mes5/x86_64/lib64xml2-devel-2.7.1-1.7mdvmes5.2.x86_64.rpm
89caf5e28075d8ab6c9267b9b3c24994
mes5/x86_64/libxml2-python-2.7.1-1.7mdvmes5.2.x86_64.rpm
cf2f64221393aef59c831247eb43f5cb
mes5/x86_64/libxml2-utils-2.7.1-1.7mdvmes5.2.x86_64.rpm
ec3cfda9b1d0a101c764f91144b705b2
mes5/SRPMS/libxml-1.8.17-14.2mdvmes5.2.src.rpm
f202196d22e25ee400bc9cc8dc4fbc7e
mes5/SRPMS/libxml2-2.7.1-1.7mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
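The advisory's problem description names an integer overflow that leads to a heap-based buffer overflow when a node set grows. The following is an added illustration of that bug class and of a checked growth routine; it is not libxml2's code and not part of the Mandriva advisory. The type `node_set` and the functions `unchecked_grow_bytes`, `checked_grow_bytes` and `node_set_add` are hypothetical names chosen for this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable set of node pointers (illustration only). */
typedef struct {
    void   **items;
    uint32_t count;  /* entries in use */
    uint32_t cap;    /* entries allocated */
} node_set;

/* Unchecked pattern: the byte count is computed in 32 bits and wraps,
 * so the allocation can end up far smaller than the caller assumes. */
uint32_t unchecked_grow_bytes(uint32_t cap, uint32_t elem_size) {
    return cap * 2u * elem_size;
}

/* Checked pattern: refuse to grow when doubling the capacity or
 * scaling it to bytes would wrap. Returns 0 on success, -1 on refusal. */
int checked_grow_bytes(uint32_t cap, uint32_t elem_size, size_t *out) {
    if (cap == 0 || elem_size == 0) return -1;
    if (cap > UINT32_MAX / 2u) return -1;          /* cap * 2 would wrap */
    uint32_t new_cap = cap * 2u;
    if (new_cap > SIZE_MAX / elem_size) return -1; /* byte count would wrap */
    *out = (size_t)new_cap * elem_size;
    return 0;
}

/* Append a node, growing the array only through the checked path. */
int node_set_add(node_set *s, void *node) {
    if (s->items == NULL) {
        s->items = calloc(8, sizeof *s->items);
        if (s->items == NULL) return -1;
        s->cap = 8;
        s->count = 0;
    } else if (s->count == s->cap) {
        size_t bytes;
        if (checked_grow_bytes(s->cap, (uint32_t)sizeof *s->items, &bytes) != 0)
            return -1;                             /* fail closed */
        void **tmp = realloc(s->items, bytes);
        if (tmp == NULL) return -1;
        s->items = tmp;
        s->cap *= 2u;
    }
    s->items[s->count++] = node;
    return 0;
}
```

When the checked path refuses to grow, the caller gets an error instead of a write past an undersized buffer.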