Security Advisory libxml2 security update

Advisory: RHSA-2004:615-11
Type: Security Advisory
Severity: Moderate
Issued on: 2004-11-12
Last updated on: 2004-11-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2004-0989

Details

An updated libxml2 package that fixes multiple buffer overflows is now
available.

libxml2 is a library for manipulating XML files.

Multiple buffer overflow bugs have been found in libxml2 versions prior to
2.6.14. If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to an application that uses the vulnerable
functions of libxml2, it could be possible to execute arbitrary code.
Additionally, if an attacker can return a specially crafted DNS request to
libxml2, it could be possible to execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0989 to this issue.

All users are advised to upgrade to this updated package, which contains
backported patches and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
libxml2-2.5.10-7.src.rpm
File outdated by:  RHSA-2009:1206		     6fa09ee8498feca89d074f2520f838e7
 
IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     940def8cd5897ada260211f8feec5782
 
x86_64:
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988		     70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     6ccec5236ec52d2af4b9b320eeb67795
 
IA-64:
libxml2-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     a431799a54a9007b590bf6c79c298c8a
libxml2-devel-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     839a442adbceaab846e8c05bcd7b819d
libxml2-python-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     906b8ed8888f217056758a875275e7ef
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
libxml2-2.5.10-7.src.rpm
File outdated by:  RHSA-2009:1206		     6fa09ee8498feca89d074f2520f838e7
 
IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     3af2d80b7cc1924e087ae4e33a95008b
 
PPC:
libxml2-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206		     fea5ce4cf6bf3808f199e147b2d17c00
libxml2-devel-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206		     bdb2639136c3d1c3faff6bff7116c2e5
libxml2-python-2.5.10-7.ppc.rpm
File outdated by:  RHSA-2009:1206		     852fca338e84047f0e34f27cbf9f6e5d
 
s390:
libxml2-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206		     a0f13283433d0c0f388a8166f6aa7ce6
libxml2-devel-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206		     60632559a055597438d999d15ce74e33
libxml2-python-2.5.10-7.s390.rpm
File outdated by:  RHSA-2009:1206		     a3564845c635dd62a36e67d3deebeec7
 
s390x:
libxml2-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206		     61750334b52f18046f31ba9e2138364d
libxml2-devel-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206		     357695ac14f87be1c6334184e847df53
libxml2-python-2.5.10-7.s390x.rpm
File outdated by:  RHSA-2009:1206		     cabdafa60379423292d926999ab5ba3f
 
x86_64:
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988		     70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     6ccec5236ec52d2af4b9b320eeb67795
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
libxml2-2.5.10-7.src.rpm
File outdated by:  RHSA-2009:1206		     6fa09ee8498feca89d074f2520f838e7
 
IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     3af2d80b7cc1924e087ae4e33a95008b
 
x86_64:
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988		     70a6392620837d0f90f134409a14a600
 
IA-32:
libxml2-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     41b2bc4d0ea5158e8428367cfdd3173a
libxml2-devel-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     a6e5a78367c0fd6cee03d70300f47869
libxml2-python-2.4.19-6.ent.i386.rpm
File outdated by:  RHSA-2008:0988		     6ccec5236ec52d2af4b9b320eeb67795
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
libxml2-2.5.10-7.src.rpm
File outdated by:  RHSA-2009:1206		     6fa09ee8498feca89d074f2520f838e7
 
IA-32:
libxml2-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     a4728e78eb8f4ef0de08ed56603190d9
libxml2-devel-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     b8dc36e2705dcd52c43cab58f47ce80c
libxml2-python-2.5.10-7.i386.rpm
File outdated by:  RHSA-2009:1206		     940def8cd5897ada260211f8feec5782
 
IA-64:
libxml2-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     90fe90652b6b9b7136d1d9a46f10bcb4
libxml2-devel-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     99338cce66957593a07ab826b17c9786
libxml2-python-2.5.10-7.ia64.rpm
File outdated by:  RHSA-2009:1206		     3af2d80b7cc1924e087ae4e33a95008b
 
x86_64:
libxml2-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     7e31b4b6e35f49f829e41e6af1ad582e
libxml2-devel-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     55d7a38b9ac300d0569838f527c07b5b
libxml2-python-2.5.10-7.x86_64.rpm
File outdated by:  RHSA-2009:1206		     9777f3c6ef99ac74b3a541440d6c9ee5
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
libxml2-2.4.19-6.ent.src.rpm
File outdated by:  RHSA-2008:0988		     70a6392620837d0f90f134409a14a600
 
IA-64:
libxml2-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     a431799a54a9007b590bf6c79c298c8a
libxml2-devel-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     839a442adbceaab846e8c05bcd7b819d
libxml2-python-2.4.19-6.ent.ia64.rpm
File outdated by:  RHSA-2008:0988		     906b8ed8888f217056758a875275e7ef
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

137264 - CAN-2004-0989 multiple buffer overflows


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/