Ispravljen je sigurnosni propust otkriven u radu programskog paketa libxml2. Udaljeni su ga napadači mogli iskoristiti za izvođenje napada uskraćivanjem usluge (DoS).
Paket:
libxml 2.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Kritičnost:
8.7
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3102
Izvorni ID preporuke:
MDVSA-2012:098
Izvor:
Mandriva
Problem:
Propust je uzrokovan pogreškom u funkciji "xmlXPtrEvalXPtrPart()", a očituje se prilikom dekodiranja određenih XPointer vrijednosti.
Posljedica:
Napadačima omogućuje izvođenje DoS (eng. Denial of Service) napada.
Rješenje:
Korisnicima se preporuča korištenje ispravljenih inačica.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:098
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : June 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in libxml2:
An Off-by-one error in libxml2 allows remote attackers to cause a
denial of service (out-of-bounds write) or possibly have unspecified
other impact via unknown vectors (CVE-2011-3102).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
c0461d223d25e8a2857c64953b2b4bbb
2010.1/i586/libxml2_2-2.7.7-1.8mdv2010.2.i586.rpm
7706b1ef1bf98997275d907f00115d40
2010.1/i586/libxml2-devel-2.7.7-1.8mdv2010.2.i586.rpm
ac3a4580937dfc0bea6a8b5a4440d3d7
2010.1/i586/libxml2-python-2.7.7-1.8mdv2010.2.i586.rpm
2543421fd9a764712956d9ec7cc29735
2010.1/i586/libxml2-utils-2.7.7-1.8mdv2010.2.i586.rpm
7b5cc8f7d4307694f994b4841298001a
2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
be969eb2120f0ce934b4a3e439eeef9e
2010.1/x86_64/lib64xml2_2-2.7.7-1.8mdv2010.2.x86_64.rpm
b157a2a25300a94f43d9519f65b34fc5
2010.1/x86_64/lib64xml2-devel-2.7.7-1.8mdv2010.2.x86_64.rpm
c3e4d81eb93b56c97c3fc4a4de9898d1
2010.1/x86_64/libxml2-python-2.7.7-1.8mdv2010.2.x86_64.rpm
34ccac69c45a74aca6dc3b5ddbca3897
2010.1/x86_64/libxml2-utils-2.7.7-1.8mdv2010.2.x86_64.rpm
7b5cc8f7d4307694f994b4841298001a
2010.1/SRPMS/libxml2-2.7.7-1.8mdv2010.2.src.rpm
Mandriva Linux 2011:
fa3e1afaa06313e8e637e0e1bd8dc034
2011/i586/libxml2_2-2.7.8-6.6-mdv2011.0.i586.rpm
f9bf3505ce7dfdc2ea26bb5a3ead5a2b
2011/i586/libxml2-devel-2.7.8-6.6-mdv2011.0.i586.rpm
793a7f2e79156fd24256720972e00ae4
2011/i586/libxml2-python-2.7.8-6.6-mdv2011.0.i586.rpm
629e9ce8da67bd42d0b75c7a1d971598
2011/i586/libxml2-utils-2.7.8-6.6-mdv2011.0.i586.rpm
26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm
Mandriva Linux 2011/X86_64:
64f1f52da84a5bac34f4480f2243335d
2011/x86_64/lib64xml2_2-2.7.8-6.6-mdv2011.0.x86_64.rpm
f54abb23118e2a84b7294a94a9de9fec
2011/x86_64/lib64xml2-devel-2.7.8-6.6-mdv2011.0.x86_64.rpm
35f8648d5135a7ad82290658449e4419
2011/x86_64/libxml2-python-2.7.8-6.6-mdv2011.0.x86_64.rpm
f1b999261ab2ddbc75e39edf574682e0
2011/x86_64/libxml2-utils-2.7.8-6.6-mdv2011.0.x86_64.rpm
26a2ff0552ddc63b67578555c559933a 2011/SRPMS/libxml2-2.7.8-6.6.src.rpm
Mandriva Enterprise Server 5:
e8f78cba230875f00cc66e38a5d073ab
mes5/i586/libxml2_2-2.7.1-1.12mdvmes5.2.i586.rpm
8a05a37e788390d5bdf7c7d06bdb3d45
mes5/i586/libxml2-devel-2.7.1-1.12mdvmes5.2.i586.rpm
85aa790648a830200b25cd7d3c560f9b
mes5/i586/libxml2-python-2.7.1-1.12mdvmes5.2.i586.rpm
dd17b0e4dfad86cf598c8296053f70e1
mes5/i586/libxml2-utils-2.7.1-1.12mdvmes5.2.i586.rpm
5095525663e34a9c6e7b8bdae763be58
mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
7dc33151c191a90e7b5a7b26ee3e6335
mes5/x86_64/lib64xml2_2-2.7.1-1.12mdvmes5.2.x86_64.rpm
efd29140bba4ca35237798f6f14b3ac1
mes5/x86_64/lib64xml2-devel-2.7.1-1.12mdvmes5.2.x86_64.rpm
8d081103c58c000c3f7803911ce122a0
mes5/x86_64/libxml2-python-2.7.1-1.12mdvmes5.2.x86_64.rpm
6efed51b1b6a05f7fa2f864d17b12bc5
mes5/x86_64/libxml2-utils-2.7.1-1.12mdvmes5.2.x86_64.rpm
5095525663e34a9c6e7b8bdae763be58
mes5/SRPMS/libxml2-2.7.1-1.12mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP4tCUmqjQ0CJFipgRAo9rAKC4sIZw21Mn38SOsU0jPtmiXCSm4QCeJFz8
+WSFZ3W+HdBn8JaKKGRLGAc=
=dP6J
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke