Dva propusta paketa libxml2

U radu programskog paketa libxml2 uočena su dva nova sigurnosna propusta. Udaljeni napadač ih može iskoristiti za DoS (eng. Denial of Service) napad.

Paket:	libxml 2.x
Operacijski sustavi:	Mandriva Linux 2009.0, Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Kritičnost:	7.5
Problem:	neodgovarajuće rukovanje memorijom
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-2821, CVE-2011-2834
Izvorni ID preporuke:	MDVSA-2011:145
Izvor:	Mandriva

Problem:
Sigurnosne ranjivosti se javljaju zbog nepravilnog rukovanja memorijom.
Posljedica:
Udaljeni napadač navedene ranjivosti može iskoristiti za napad uskraćivanjem usluga (DoS).
Rješenje:
Svim se korisnicima navedenog programskog paketa, u svrhu zaštite sigurnosti, savjetuje nadogradnja paketa na novije inačice.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:145
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libxml2
 Date    : October 9, 2011
 Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Double free vulnerabilities in libxml2 allows remote attackers to cause
 a denial of service or possibly have unspecified other impact via a
 crafted XPath expression and via vectors related to XPath handling
 (CVE-2011-2821, CVE-2011-2834).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 209b07b6de051ff5aec516f90d0422f4 
2009.0/i586/libxml2_2-2.7.1-1.8mdv2009.0.i586.rpm
 79a2f6e4f012fdd417f379e0b0036d54 
2009.0/i586/libxml2-devel-2.7.1-1.8mdv2009.0.i586.rpm
 cb0134183154b0014b08aad4b37ea73a 
2009.0/i586/libxml2-python-2.7.1-1.8mdv2009.0.i586.rpm
 118448ed71392dd8c2684277b49e4b74 
2009.0/i586/libxml2-utils-2.7.1-1.8mdv2009.0.i586.rpm 
 b684a79602cb5e1bbf368642d85f68fa 
2009.0/SRPMS/libxml2-2.7.1-1.8mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 998b5bb8b7d018f03136b646e1b06fdb 
2009.0/x86_64/lib64xml2_2-2.7.1-1.8mdv2009.0.x86_64.rpm
 b1df1cc7c73c6e8d5b3bc0d39f43fa8d 
2009.0/x86_64/lib64xml2-devel-2.7.1-1.8mdv2009.0.x86_64.rpm
 b2e99d7897c1bd6263017f02e98623ae 
2009.0/x86_64/libxml2-python-2.7.1-1.8mdv2009.0.x86_64.rpm
 b7dcd0efbe0280e34fe007e278932a77 
2009.0/x86_64/libxml2-utils-2.7.1-1.8mdv2009.0.x86_64.rpm 
 b684a79602cb5e1bbf368642d85f68fa 
2009.0/SRPMS/libxml2-2.7.1-1.8mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 b390da9668b76bcf7ffcc8a7bbb53cb5 
2010.1/i586/libxml2_2-2.7.7-1.4mdv2010.2.i586.rpm
 be6fd2244124176aabf9f89b051f7542 
2010.1/i586/libxml2-devel-2.7.7-1.4mdv2010.2.i586.rpm
 dceee4844d365d68c4fe84c69bdd45cc 
2010.1/i586/libxml2-python-2.7.7-1.4mdv2010.2.i586.rpm
 0e45e718e4ef244cb3da314d7d5fe170 
2010.1/i586/libxml2-utils-2.7.7-1.4mdv2010.2.i586.rpm 
 a1f749d4ef5dc23d760d2d8dc79b7e80 
2010.1/SRPMS/libxml2-2.7.7-1.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 8e9c6a2893459d61c8987a4791838c7f 
2010.1/x86_64/lib64xml2_2-2.7.7-1.4mdv2010.2.x86_64.rpm
 5a65bad0467ce6c6bccadedbd6ba7300 
2010.1/x86_64/lib64xml2-devel-2.7.7-1.4mdv2010.2.x86_64.rpm
 4b4add103bd98bfb13d92a83bd69d232 
2010.1/x86_64/libxml2-python-2.7.7-1.4mdv2010.2.x86_64.rpm
 67c5b1c6e287b153c521c125d7f4c40a 
2010.1/x86_64/libxml2-utils-2.7.7-1.4mdv2010.2.x86_64.rpm 
 a1f749d4ef5dc23d760d2d8dc79b7e80 
2010.1/SRPMS/libxml2-2.7.7-1.4mdv2010.2.src.rpm

 Mandriva Linux 2011:
 a06dd522b3cac6eb67be595b34edab80 
2011/i586/libxml2_2-2.7.8-6.2-mdv2011.0.i586.rpm
 d5356190d0ca32bb10d7df3bf4b53626 
2011/i586/libxml2-devel-2.7.8-6.2-mdv2011.0.i586.rpm
 c536fdef7c40640e2c22442ca17c2685 
2011/i586/libxml2-python-2.7.8-6.2-mdv2011.0.i586.rpm
 d414c5f632c4fb9ccf8452269548c5d4 
2011/i586/libxml2-utils-2.7.8-6.2-mdv2011.0.i586.rpm 
 cae1d275c88bbb8f2d4ea3bc62c15066  2011/SRPMS/libxml2-2.7.8-6.2.src.rpm

 Mandriva Linux 2011/X86_64:
 2335fd4f854387849e11cbb3a373f619 
2011/x86_64/lib64xml2_2-2.7.8-6.2-mdv2011.0.x86_64.rpm
 64e6582b9f726f4eaa9a5d79f3277081 
2011/x86_64/lib64xml2-devel-2.7.8-6.2-mdv2011.0.x86_64.rpm
 9d35412e2549537879ea108350d7a252 
2011/x86_64/libxml2-python-2.7.8-6.2-mdv2011.0.x86_64.rpm
 8adc79ebc7ce22b78677467a64fd9074 
2011/x86_64/libxml2-utils-2.7.8-6.2-mdv2011.0.x86_64.rpm 
 cae1d275c88bbb8f2d4ea3bc62c15066  2011/SRPMS/libxml2-2.7.8-6.2.src.rpm

 Mandriva Enterprise Server 5:
 dd45c34e2b9c3427a3e3322122918855 
mes5/i586/libxml2_2-2.7.1-1.8mdvmes5.2.i586.rpm
 e1ec6cbbf6db0ac41b80591c5697b72d 
mes5/i586/libxml2-devel-2.7.1-1.8mdvmes5.2.i586.rpm
 44c69acf5ea338eeb1c2a885cd6d990b 
mes5/i586/libxml2-python-2.7.1-1.8mdvmes5.2.i586.rpm
 50f4aab7fe60e69a38f5da6b3989c636 
mes5/i586/libxml2-utils-2.7.1-1.8mdvmes5.2.i586.rpm 
 bbcb0ee0595285d0195be0b433b01f51 
mes5/SRPMS/libxml2-2.7.1-1.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 2f5601898b050b63c6bcc67859b371cc 
mes5/x86_64/lib64xml2_2-2.7.1-1.8mdvmes5.2.x86_64.rpm
 88c3f00377c5bec85a213459cb88f0cd 
mes5/x86_64/lib64xml2-devel-2.7.1-1.8mdvmes5.2.x86_64.rpm
 8ccdad600cdae46d594f5ca37b1bcd57 
mes5/x86_64/libxml2-python-2.7.1-1.8mdvmes5.2.x86_64.rpm
 8ccf73d9975c8d88844af0230095e6eb 
mes5/x86_64/libxml2-utils-2.7.1-1.8mdvmes5.2.x86_64.rpm 
 bbcb0ee0595285d0195be0b433b01f51 
mes5/SRPMS/libxml2-2.7.1-1.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOkc1HmqjQ0CJFipgRAjvzAJ4722/SxBvXd4qHdzYjvXjyOggU9ACg7Klc
ZReJPcU+Y7vdYaWPNy9r0/w=
=DRnl
-----END PGP SIGNATURE-----

Dva propusta paketa libxml2

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Dva propusta paketa libxml2

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti