From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1859-1                    [email protected]
http://www.debian.org/security/                              Nico Golde
August 10th, 2009                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : libxml2
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2009-2416 CVE-2009-2414

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
vulnerabilities in libxml2, a library for parsing and handling XML data
files, which can lead to denial of service conditions or possibly arbitrary
code execution in the application using the library. The Common
Vulnerabilities and Exposures project identifies the following problems:

An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of pointers to memory areas
which have already been freed (CVE-2009-2416).

Missing checks for the depth of ELEMENT DTD definitions when parsing
child content can lead to extensive stack-growth due to a function
recursion which can be triggered via a crafted XML document (CVE-2009-2414).
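
The depth check whose absence CVE-2009-2414 describes can also be applied before untrusted XML reaches the parser. The following is an added example, not code from libxml2 or from this advisory: a textual pre-parse filter that measures ELEMENT content-model nesting in a DTD. MAX_DEPTH, the function names and the sample DTD are assumptions made for illustration.

```python
import re

# Assumed policy limit for this example; the advisory does not state a number.
MAX_DEPTH = 128

# <!ELEMENT name contentspec>; a content spec cannot contain a literal '>'.
ELEMENT_DECL = re.compile(r"<!ELEMENT\s+(\S+)\s+([^>]*)>")

def nesting_depth(spec):
    """Deepest parenthesis nesting in a content spec, or -1 if unbalanced."""
    depth = deepest = 0
    for ch in spec:
        if ch == "(":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return -1
    return deepest if depth == 0 else -1

def scan_dtd(text, max_depth=MAX_DEPTH):
    """Return (element, reason) for every ELEMENT declaration to reject."""
    rejected = []
    for name, spec in ELEMENT_DECL.findall(text):
        if "%" in spec:
            # Parameter entities can hide nesting from a textual scan; fail closed.
            rejected.append((name, "parameter entity in content model"))
            continue
        depth = nesting_depth(spec)
        if depth < 0:
            rejected.append((name, "unbalanced parentheses"))
        elif depth > max_depth:
            rejected.append((name, "nesting depth %d exceeds %d" % (depth, max_depth)))
    return rejected

# Constructed sample: 'note' nests one level, 'deep' nests three.
SAMPLE_DTD = """
<!ELEMENT note (to, from, body)>
<!ELEMENT deep (a, (b, (c | d)*)+)>
<!ELEMENT body (#PCDATA)>
"""

if __name__ == "__main__":
    # A limit of 2 is used here only so the small sample trips the check.
    print(scan_dtd(SAMPLE_DTD, max_depth=2))
```

A filter like this complements the package upgrade and does not replace it; it does nothing for the use-after-free in CVE-2009-2416.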

For the oldstable distribution (etch), this problem has been fixed in
version 2.6.27.dfsg-6+etch1.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny1.

For the testing (squeeze) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your libxml2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]