From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2128-1
[email protected] http://www.debian.org/security/ Giuseppe Iuculano December 01, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libxml2
Vulnerability : invalid memory access
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2010-4008
Bui Quang Minh discovered that libxml2, a library for parsing and
handling XML data files, does not well process a malformed XPATH,
causing crash and allowing arbitrary code execution.
For the stable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny2.
For the testing (squeeze) and unstable (sid) distribution, this problem
has been fixed in version 2.7.8.dfsg-1.
We recommend that you upgrade your libxml2 package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz
Size/MD5 checksum: 3425843 bb11c95674e775b791dab2d15e630fa4
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.dsc
Size/MD5 checksum: 1985 e1a498ed2e38225c5d10aaf834d9e0b9
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.diff.gz
Size/MD5 checksum: 83947 7af1ff46c9cacd57e7f977b295b39084
Architecture independent packages:
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny2_all.deb
Size/MD5 checksum: 1307172 ceec72214783bdfc9d7643ea31a61d50
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_alpha.deb
Size/MD5 checksum: 920664 429d086d4861511c6d9130bd7a165698
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
Size/MD5 checksum: 856680 fccba5f6884b74e873730e3140e0bad5
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_alpha.deb
Size/MD5 checksum: 920616 33f850cafef51a45ef04714c9900e737
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
Size/MD5 checksum: 292784 2f2ad873f9f50a0400960264ba823aec
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_alpha.deb
Size/MD5 checksum: 38026 e3f0bf3fe0f804bcd39df854e420cee6
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_amd64.deb
Size/MD5 checksum: 988474 ea406c325fe1d3cf8e80eed39ff61f7e
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
Size/MD5 checksum: 295940 2a1754d35048a827dfeac4ee25f238d5
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_amd64.deb
Size/MD5 checksum: 37328 0b6af9c052e005c439658215027eeead
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_amd64.deb
Size/MD5 checksum: 774114 0c714b77c96e4d840048edbce00d959f
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
Size/MD5 checksum: 860726 cf7d9638a12709f527898f9c91ec389d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_arm.deb
Size/MD5 checksum: 246210 484d790396e82318e4eb5e38903497d9
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_arm.deb
Size/MD5 checksum: 898986 5cbab6f3b7fa8df4a406d03eaa5762a2
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_arm.deb
Size/MD5 checksum: 685530 9b9ea967472806e4f4b0d713d7198706
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_arm.deb
Size/MD5 checksum: 782546 1dec5ad219c1f69439936f172323b4d3
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_arm.deb
Size/MD5 checksum: 35174 f15d1f05b68e8299b2084315feea6078
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_armel.deb
Size/MD5 checksum: 247756 4809a4f17729bfec952e25aeff5f612b
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_armel.deb
Size/MD5 checksum: 906754 ee3e37855a6699771d3612180632a1df
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_armel.deb
Size/MD5 checksum: 790732 0df793cc442fd5aff099c60852cfd031
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_armel.deb
Size/MD5 checksum: 34258 95bb668363b085e6fea0848444ff0a42
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_armel.deb
Size/MD5 checksum: 692210 acb1820adf968e8011d16b94cdc6d18c
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_hppa.deb
Size/MD5 checksum: 867348 656a379b6cd2f3bc167c4c580f4f9588
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)