Mandriva Linux Security Advisory - A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this issue. As well, the patch to fix CVE-2008-3281 has been updated to remove the hard-coded entity limit that was set to 5M, instead using XML entity density heuristics. Many thanks to Daniel Veillard of Red Hat for his hard work in tracking down and dealing with the edge cases discovered with the initial fix to this issue.
1e3f41aed1bbde242e20d768dd1cd631a00b1b0292f0e84a50929112613e0636
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:192
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : September 11, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A heap-based buffer overflow was found in how libxml2 handled long
XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to
crash or possibly execute arbitrary code (CVE-2008-3529).
The updated packages have been patched to prevent this issue.
As well, the patch to fix CVE-2008-3281 has been updated to remove
the hard-coded entity limit that was set to 5M, instead using XML
entity density heuristics. Many thanks to Daniel Veillard of Red Hat
for his hard work in tracking down and dealing with the edge cases
discovered with the initial fix to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
9250adec77a5118119d5000f2305540f 2007.1/i586/libxml2-2.6.27-3.4mdv2007.1.i586.rpm
103dba08606f0038f3a9f4107ceba442 2007.1/i586/libxml2-devel-2.6.27-3.4mdv2007.1.i586.rpm
a388bf596ef6725fb5baadb4e056a0bd 2007.1/i586/libxml2-python-2.6.27-3.4mdv2007.1.i586.rpm
d2333e42a538101e36eab7d12467e08b 2007.1/i586/libxml2-utils-2.6.27-3.4mdv2007.1.i586.rpm
94a25c63f54693b7ac289223a6a3a687 2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
343f8656039b69716fe712eeb2d1bf4e 2007.1/x86_64/lib64xml2-2.6.27-3.4mdv2007.1.x86_64.rpm
320d8dd8245f5ec6db46bedaf07afb3e 2007.1/x86_64/lib64xml2-devel-2.6.27-3.4mdv2007.1.x86_64.rpm
fb6f52df6831cda42db46502cc761475 2007.1/x86_64/lib64xml2-python-2.6.27-3.4mdv2007.1.x86_64.rpm
8440fc08fee99f18a81a32035fac166a 2007.1/x86_64/libxml2-utils-2.6.27-3.4mdv2007.1.x86_64.rpm
94a25c63f54693b7ac289223a6a3a687 2007.1/SRPMS/libxml2-2.6.27-3.4mdv2007.1.src.rpm
Mandriva Linux 2008.0:
c53b40d9c7ebec036f9175c8f4e87b3b 2008.0/i586/libxml2_2-2.6.30-1.4mdv2008.0.i586.rpm
4a4ed97086b52cab3bbd34fe4d7003a0 2008.0/i586/libxml2-devel-2.6.30-1.4mdv2008.0.i586.rpm
d3898465dc2797a2b20be8310dd4f484 2008.0/i586/libxml2-python-2.6.30-1.4mdv2008.0.i586.rpm
34c524fa03b470093bd0b0c679bcb9c4 2008.0/i586/libxml2-utils-2.6.30-1.4mdv2008.0.i586.rpm
2dc2f4732992e27aea4c5a098c631ae8 2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
20ac98b346a1f18b90504cb623c530d8 2008.0/x86_64/lib64xml2_2-2.6.30-1.4mdv2008.0.x86_64.rpm
fd5907e801bf4f64ee79d097fcaec2b6 2008.0/x86_64/lib64xml2-devel-2.6.30-1.4mdv2008.0.x86_64.rpm
20f45401e501b9639a9b53d82a4e031f 2008.0/x86_64/libxml2-python-2.6.30-1.4mdv2008.0.x86_64.rpm
22be20e194ba2177a47d831ee8c82f47 2008.0/x86_64/libxml2-utils-2.6.30-1.4mdv2008.0.x86_64.rpm
2dc2f4732992e27aea4c5a098c631ae8 2008.0/SRPMS/libxml2-2.6.30-1.4mdv2008.0.src.rpm
Mandriva Linux 2008.1:
61e96824adc6e61b2764bb3a85e2e76d 2008.1/i586/libxml2_2-2.6.31-1.3mdv2008.1.i586.rpm
6d0cc51d32c7b6ecd609250aad302034 2008.1/i586/libxml2-devel-2.6.31-1.3mdv2008.1.i586.rpm
1e7c4ddd30677789de05cc464dde9790 2008.1/i586/libxml2-python-2.6.31-1.3mdv2008.1.i586.rpm
edd477e34b08f94956eeedd387b5e509 2008.1/i586/libxml2-utils-2.6.31-1.3mdv2008.1.i586.rpm
b1078a83185c1c97fada7ea5e97df753 2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
9d25e809ad31decb111a38301b2a74c1 2008.1/x86_64/lib64xml2_2-2.6.31-1.3mdv2008.1.x86_64.rpm
f35af82dffc02628edb1ce03113c3ba0 2008.1/x86_64/lib64xml2-devel-2.6.31-1.3mdv2008.1.x86_64.rpm
5819b393de9ff05be4d670c8e5d36080 2008.1/x86_64/libxml2-python-2.6.31-1.3mdv2008.1.x86_64.rpm
fb670bfb1a1673f99f3c3fc3a72b7777 2008.1/x86_64/libxml2-utils-2.6.31-1.3mdv2008.1.x86_64.rpm
b1078a83185c1c97fada7ea5e97df753 2008.1/SRPMS/libxml2-2.6.31-1.3mdv2008.1.src.rpm
Corporate 3.0:
82e733037c09b4b7770f5325c7ed1325 corporate/3.0/i586/libxml2-2.6.6-1.5.C30mdk.i586.rpm
d66da7916f188883fd164cb250431bba corporate/3.0/i586/libxml2-devel-2.6.6-1.5.C30mdk.i586.rpm
5df28181424b19132bbff6afa872475a corporate/3.0/i586/libxml2-python-2.6.6-1.5.C30mdk.i586.rpm
f7a86c3be6e4926fa101386a9cbbcbdd corporate/3.0/i586/libxml2-utils-2.6.6-1.5.C30mdk.i586.rpm
c64826e1b31ed0c5d4514780ecd52e2e corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
76e631bd88c68085dc2c5702235c2a99 corporate/3.0/x86_64/lib64xml2-2.6.6-1.5.C30mdk.x86_64.rpm
827f9f5bc3a1b869353e3c09879ea432 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.5.C30mdk.x86_64.rpm
caafa3371f80f084e8a945b3114b4533 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.5.C30mdk.x86_64.rpm
e37a70f9cd13a7e00982387a9ba97726 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.5.C30mdk.x86_64.rpm
c64826e1b31ed0c5d4514780ecd52e2e corporate/3.0/SRPMS/libxml2-2.6.6-1.5.C30mdk.src.rpm
Corporate 4.0:
74eea161b5519eef6c16b2407126a847 corporate/4.0/i586/libxml2-2.6.21-3.4.20060mlcs4.i586.rpm
5d8d1e0e487022687c1c61fbaf91707e corporate/4.0/i586/libxml2-devel-2.6.21-3.4.20060mlcs4.i586.rpm
d5aa677468c9e8baae074a12f6c63c00 corporate/4.0/i586/libxml2-python-2.6.21-3.4.20060mlcs4.i586.rpm
d51b4b902bb911be69f6a17aeb07d8cf corporate/4.0/i586/libxml2-utils-2.6.21-3.4.20060mlcs4.i586.rpm
ce28651304236296e59d6d3be5525889 corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
812f2ae0ffa7a72546b07bd7de174453 corporate/4.0/x86_64/lib64xml2-2.6.21-3.4.20060mlcs4.x86_64.rpm
23ae06098f957e46affa75220cac50af corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.4.20060mlcs4.x86_64.rpm
93cb252dadfadd4249062f903e604f82 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.4.20060mlcs4.x86_64.rpm
aeff512a1b349108017e93633fabcf08 corporate/4.0/x86_64/libxml2-utils-2.6.21-3.4.20060mlcs4.x86_64.rpm
ce28651304236296e59d6d3be5525889 corporate/4.0/SRPMS/libxml2-2.6.21-3.4.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIyaCLmqjQ0CJFipgRApioAJ9P7O5hzNQ4UuYvEIhTVLyyn9Tv9wCg4DSp
mZuI5mJOfDomJXN1l5E7NSw=
=tPwM
-----END PGP SIGNATURE-----