
T-639: Debian update for libxml2

June 7, 2011 - 3:35pm


PROBLEM:

libxml2 is vulnerable to buffer overflows, which allow a crafted XML input file to potentially execute arbitrary code.

PLATFORM:

Package: libxml2 version 2.7.8. Other versions may also be affected.

ABSTRACT:

Libxml2 XPath Nodeset Processing Vulnerability

REFERENCE LINKS:

Secunia Advisory: SA44817
Secunia Advisory: SA44711
DSA 2255-1
Vulnerability Report: Debian GNU/Linux 6.0
Download Package libxml2
Other Packages Related to libxml2

IMPACT ASSESSMENT:

High

Discussion:

Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For the oldstable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny4.
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfsg-3.
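As an added example (not part of the advisory or of Debian's own tooling), the Python below ports dpkg's version-ordering rules and checks whether an installed libxml2 version is at or above the fixed version listed above for its suite; a plain string comparison gets suffixes such as `+squeeze1` and `~rc1`, and multi-digit revisions, wrong. The suite names and fixed versions are the advisory's; the installed versions used in the checks are constructed.

```python
import re
from itertools import zip_longest

# Fixed libxml2 versions per suite, as listed in the advisory.
FIXED_VERSIONS = {
    "lenny": "2.6.32.dfsg-5+lenny4",
    "squeeze": "2.7.8.dfsg-2+squeeze1",
    "sid": "2.7.8.dfsg-3",
}

def _order(c):
    # dpkg weight: end of string 0, '~' below that, letters, then punctuation.
    if c == "":
        return 0
    return ord(c) if c.isalpha() else (-1 if c == "~" else ord(c) + 256)

def _verrevcmp(a, b):
    # One fragment (upstream or revision), dpkg-style: alternate non-digit runs
    # (compared by character weight) and digit runs (compared numerically).
    while a or b:
        ra, rb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for x, y in zip_longest(ra, rb, fillvalue=""):
            if _order(x) != _order(y):
                return _order(x) - _order(y)
        a, b = a[len(ra):], b[len(rb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    # "[epoch:]upstream[-revision]"; assumes no ':' inside the upstream part.
    epoch, _, rest = v.rpartition(":")
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch or 0), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    # -1, 0 or 1 for a < b, a == b, a > b; epoch, then upstream, then revision.
    for x, y in zip(_split(a), _split(b)):
        r = x - y if isinstance(x, int) else _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0

def is_fixed(suite, installed):
    # True when the installed version is at or above the suite's fixed version.
    return compare_versions(installed, FIXED_VERSIONS[suite]) >= 0
```

On a Debian host the installed version string to feed `is_fixed` comes from `dpkg-query -W -f '${Version}' libxml2`.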

Impact:

The vulnerability is caused by an error when reallocating memory in xpath.c during the processing of an XPath nodeset. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPath expression. Successful exploitation may allow execution of arbitrary code.

Solution:

Libxml2 Toolkit
Download Debian
