Description: | Description: The remote host is missing an update to libxml announced via advisory FEDORA-2009-8594.
This library allows old Gnome-1 applications to manipulate XML files.
Update Information:
This update includes patches from RHEL-3 addressing a number of security vulnerabilities: - CVE-2004-0110 (arbitrary code execution via a long URL) - CVE-2004-0989 (arbitrary code execution via a long URL) - CVE-2009-2414 (stack consumption DoS vulnerabilities) - CVE-2009-2416 (use-after-free DoS vulnerabilities)
ChangeLog:
* Wed Aug 12 2009 Paul Howarth 1:1.8.17-24 - renumber existing patches to free up low-numbered patches for EL-3 patches - add patch for CAN-2004-0110 and CAN-2004-0989 (#139090) - add patch for CVE-2009-2414 and CVE-2009-2416 (#515195, #515205) * Sat Jul 25 2009 Fedora Release Engineering 1:1.8.17-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon Apr 20 2009 Paul Howarth 1:1.8.17-22 - rebuild for %{_isa} provides/requires * Wed Feb 25 2009 Fedora Release Engineering 1:1.8.17-21 - rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
References:
[ 1 ] Bug #430644 - CVE-2004-0110 libxml2 long URL causes SEGV https://bugzilla.redhat.com/show_bug.cgi?id=430644 [ 2 ] Bug #430645 - CVE-2004-0989 libxml2 various overflows https://bugzilla.redhat.com/show_bug.cgi?id=430645 [ 3 ] Bug #515195 - CVE-2009-2414 libxml, libxml2: Stack overflow by parsing root XML element DTD definition https://bugzilla.redhat.com/show_bug.cgi?id=515195 [ 4 ] Bug #515205 - CVE-2009-2416 libxml, libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types https://bugzilla.redhat.com/show_bug.cgi?id=515205
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update libxml' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8594
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|