A libxml2 security update is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-353
2004-10-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libxml2
Version : 2.6.15
Release : 2
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.
---------------------------------------------------------------------
Update Information:
Updated libxml2 packages fixes security vulnerabilities
libxml2 is a library for manipulating XML files.
Multiple buffer overflow bugs have been found libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it is possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0989 to this issue.
All users are advised to upgrade to these updated packages, which contain fixes and are not vulnerable to this issue.
---------------------------------------------------------------------
* Wed Oct 27 2004 Daniel Veillard veillard@redhat.com 2.6.15-2
- upstream release 2.6.15 see http://xmlsoft.org/news.html
- incorporate a security fix for #137266 security problem
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
18b21e3d001164d71a53d121c0fd806f SRPMS/libxml2-2.6.15-2.src.rpm
1096a0ad82686ac816a9d5c2318cc3d0 x86_64/libxml2-2.6.15-2.x86_64.rpm
0243c634a62b2b7fb39f79fdd0c688b0 x86_64/libxml2-devel-2.6.15-2.x86_64.rpm
ff7dfc244ccd5c298ddf41e6d0efbc48 x86_64/libxml2-python-2.6.15-2.x86_64.rpm
97a6d139218ab8ab05d98bfdfdd5c45b x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm
f1181cf6048cca3bcc44fec39a3706d0 i386/libxml2-2.6.15-2.i386.rpm
e45b080e51a9960089256fb48898689e i386/libxml2-devel-2.6.15-2.i386.rpm
f9997ba6ed497fa060a521ad07b6b0ad i386/libxml2-python-2.6.15-2.i386.rpm
d0480ee25c1cc4d7f30da0899f2668d7 i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-353
2004-10-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libxml2
Version : 2.6.15
Release : 2
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.
---------------------------------------------------------------------
Update Information:
Updated libxml2 packages fixes security vulnerabilities
libxml2 is a library for manipulating XML files.
Multiple buffer overflow bugs have been found libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP proxy URL to libxml2, it could be possible to execute arbitrary code. Additionally, if an attacker can return a specially crafted DNS request to libxml, it is possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0989 to this issue.
All users are advised to upgrade to these updated packages, which contain fixes and are not vulnerable to this issue.
---------------------------------------------------------------------
* Wed Oct 27 2004 Daniel Veillard veillard@redhat.com 2.6.15-2
- upstream release 2.6.15 see http://xmlsoft.org/news.html
- incorporate a security fix for #137266 security problem
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
18b21e3d001164d71a53d121c0fd806f SRPMS/libxml2-2.6.15-2.src.rpm
1096a0ad82686ac816a9d5c2318cc3d0 x86_64/libxml2-2.6.15-2.x86_64.rpm
0243c634a62b2b7fb39f79fdd0c688b0 x86_64/libxml2-devel-2.6.15-2.x86_64.rpm
ff7dfc244ccd5c298ddf41e6d0efbc48 x86_64/libxml2-python-2.6.15-2.x86_64.rpm
97a6d139218ab8ab05d98bfdfdd5c45b x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm
f1181cf6048cca3bcc44fec39a3706d0 i386/libxml2-2.6.15-2.i386.rpm
e45b080e51a9960089256fb48898689e i386/libxml2-devel-2.6.15-2.i386.rpm
f9997ba6ed497fa060a521ad07b6b0ad i386/libxml2-python-2.6.15-2.i386.rpm
d0480ee25c1cc4d7f30da0899f2668d7 i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.