Fedora Core 2 - libxml2
FEDORA-2004-353
Published: 2004-11-02 17:11:14
Updated: 2004-11-02 17:11:14

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-353
2004-10-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : libxml2
Version     : 2.6.15
Release     : 2
Summary     : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select subnodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

---------------------------------------------------------------------
Update Information:

   Updated libxml2 packages fixes security vulnerabilities

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found libxml2 versions prior to
2.6.14.  If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to libxml2, it could be possible to execute
arbitrary code.  Additionally, if an attacker can return a specially
crafted DNS request to libxml, it is possible to execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0989 to this issue.

All users are advised to upgrade to these updated packages, which contain
fixes and are not vulnerable to this issue.

---------------------------------------------------------------------
* Wed Oct 27 2004 Daniel Veillard <veillard@redhat.com> 2.6.15-2

- upstream release 2.6.15 see http://xmlsoft.org/news.html
- incorporate a security fix for #137266 security problem
  http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

18b21e3d001164d71a53d121c0fd806f  SRPMS/libxml2-2.6.15-2.src.rpm
1096a0ad82686ac816a9d5c2318cc3d0  x86_64/libxml2-2.6.15-2.x86_64.rpm
0243c634a62b2b7fb39f79fdd0c688b0  x86_64/libxml2-devel-2.6.15-2.x86_64.rpm
ff7dfc244ccd5c298ddf41e6d0efbc48  x86_64/libxml2-python-2.6.15-2.x86_64.rpm
97a6d139218ab8ab05d98bfdfdd5c45b  x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm
f1181cf6048cca3bcc44fec39a3706d0  i386/libxml2-2.6.15-2.i386.rpm
e45b080e51a9960089256fb48898689e  i386/libxml2-devel-2.6.15-2.i386.rpm
f9997ba6ed497fa060a521ad07b6b0ad  i386/libxml2-python-2.6.15-2.i386.rpm
d0480ee25c1cc4d7f30da0899f2668d7  i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list



 

Privacy Statement
Copyright 2010, SecurityFocus