what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-176

Mandriva Linux Security Advisory 2012-176
Posted Dec 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-176 - A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5134
SHA-256 | 56848c6837d5dd168d8703f830f93c6aac1b8727f6e78d33bec04ca7064d1519

Mandriva Linux Security Advisory 2012-176

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:176
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libxml2
Date : December 2, 2012
Affected: 2011., Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was found and corrected in libxml2:

A heap-buffer overflow was found in the way libxml2 decoded certain
XML entitites. A remote attacker could provide a specially-crafted
XML file, which once opened in an application linked against libxml
would cause that application to crash, or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2012-5134).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2011:
b77de360ca61239e7b28f0ecc046a8df 2011/i586/libxml2_2-2.7.8-6.8-mdv2011.0.i586.rpm
e7242a7bb8c253caed9a1e31dc13a91f 2011/i586/libxml2-devel-2.7.8-6.8-mdv2011.0.i586.rpm
9cd0fd59447fac1f0e3a8fdf953a3d38 2011/i586/libxml2-python-2.7.8-6.8-mdv2011.0.i586.rpm
9004f9264ec86f2f8ec402e7782fe079 2011/i586/libxml2-utils-2.7.8-6.8-mdv2011.0.i586.rpm
e164bcea2d67fc4f565b78b40d6ffdd7 2011/SRPMS/libxml2-2.7.8-6.8.src.rpm

Mandriva Linux 2011/X86_64:
3f04ec8d2e1a85598b17237f8a2ac9b8 2011/x86_64/lib64xml2_2-2.7.8-6.8-mdv2011.0.x86_64.rpm
0fa0d04eef390f3f99310294c5464c66 2011/x86_64/lib64xml2-devel-2.7.8-6.8-mdv2011.0.x86_64.rpm
624573d764b618c19cb24071e1b9b3d1 2011/x86_64/libxml2-python-2.7.8-6.8-mdv2011.0.x86_64.rpm
d654460ab7a2556d14aeb7df74fd0eee 2011/x86_64/libxml2-utils-2.7.8-6.8-mdv2011.0.x86_64.rpm
e164bcea2d67fc4f565b78b40d6ffdd7 2011/SRPMS/libxml2-2.7.8-6.8.src.rpm

Mandriva Enterprise Server 5:
cf6c7e82a296e5e05aea67a4c163326d mes5/i586/libxml2_2-2.7.1-1.14mdvmes5.2.i586.rpm
9faf040efb0aa5ca173b25c52ff92a93 mes5/i586/libxml2-devel-2.7.1-1.14mdvmes5.2.i586.rpm
06cd79c7ab5a8217b3dbe8b50a542ab6 mes5/i586/libxml2-python-2.7.1-1.14mdvmes5.2.i586.rpm
7304980efce76b79cf9d81e8d03b6271 mes5/i586/libxml2-utils-2.7.1-1.14mdvmes5.2.i586.rpm
6917e3c972fa5e115766c7c8395a47e6 mes5/SRPMS/libxml2-2.7.1-1.14mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
63463113fd1d520b864e96429ab2c79a mes5/x86_64/lib64xml2_2-2.7.1-1.14mdvmes5.2.x86_64.rpm
7990c8354872ac1559040a64436fca79 mes5/x86_64/lib64xml2-devel-2.7.1-1.14mdvmes5.2.x86_64.rpm
46f79f00ea4d2d1fbf130ef30c6bb93b mes5/x86_64/libxml2-python-2.7.1-1.14mdvmes5.2.x86_64.rpm
6b8aa5a433ed9ecad1b5a2bc8972b93f mes5/x86_64/libxml2-utils-2.7.1-1.14mdvmes5.2.x86_64.rpm
6917e3c972fa5e115766c7c8395a47e6 mes5/SRPMS/libxml2-2.7.1-1.14mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQu6B/mqjQ0CJFipgRAgN/AJ0VQWb9bOhKFa4Y4yElsZvjvLxVjQCcD9X5
E1vY658q8IAQyMqNmQuYciA=
=E8kB
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close