Skip to navigation

Security Advisory libxml2 security update

Advisory: RHSA-2004:615-11
Type: Security Advisory
Severity: Moderate
Issued on: 2004-11-12
Last updated on: 2004-11-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0989

Details

An updated libxml2 package that fixes multiple buffer overflows is now
available.

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found in libxml2 versions prior to
2.6.14. If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to an application that uses the vulnerable
functions of libxml2, it could be possible to execute arbitrary code.
Additionally, if an attacker can return a specially crafted DNS request to
libxml2, it could be possible to execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0989 to this issue.

All users are advised to upgrade to this updated package, which contains
backported patches and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: 940def8cd5897ada260211f8feec5782
 
x86_64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988
    MD5: 70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 6ccec5236ec52d2af4b9b320eeb67795
 
IA-64:
libxml2-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: a431799a54a9007b590bf6c79c298c8a
libxml2-devel-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: 839a442adbceaab846e8c05bcd7b819d
libxml2-python-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: 906b8ed8888f217056758a875275e7ef
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: 940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 3af2d80b7cc1924e087ae4e33a95008b
 
PPC:
libxml2-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206
    MD5: fea5ce4cf6bf3808f199e147b2d17c00
libxml2-devel-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206
    MD5: bdb2639136c3d1c3faff6bff7116c2e5
libxml2-python-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206
    MD5: 852fca338e84047f0e34f27cbf9f6e5d
 
s390:
libxml2-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206
    MD5: a0f13283433d0c0f388a8166f6aa7ce6
libxml2-devel-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206
    MD5: 60632559a055597438d999d15ce74e33
libxml2-python-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206
    MD5: a3564845c635dd62a36e67d3deebeec7
 
s390x:
libxml2-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206
    MD5: a0f13283433d0c0f388a8166f6aa7ce6
libxml2-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206
    MD5: 61750334b52f18046f31ba9e2138364d
libxml2-devel-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206
    MD5: 357695ac14f87be1c6334184e847df53
libxml2-python-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206
    MD5: cabdafa60379423292d926999ab5ba3f
 
x86_64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988
    MD5: 70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 6ccec5236ec52d2af4b9b320eeb67795
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: 940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 3af2d80b7cc1924e087ae4e33a95008b
 
x86_64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988
    MD5: 70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988
    MD5: 6ccec5236ec52d2af4b9b320eeb67795
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: 940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 3af2d80b7cc1924e087ae4e33a95008b
 
x86_64:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206
    MD5: a4728e78eb8f4ef0de08ed56603190d9
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206
    MD5: 9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988
    MD5: 70a6392620837d0f90f134409a14a600
 
IA-64:
libxml2-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: a431799a54a9007b590bf6c79c298c8a
libxml2-devel-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: 839a442adbceaab846e8c05bcd7b819d
libxml2-python-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988
    MD5: 906b8ed8888f217056758a875275e7ef
 

Bugs fixed (see bugzilla for more information)

137264 - CAN-2004-0989 multiple buffer overflows


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/