libxml2-2.6.26-2.1.12.2.0.1.AXS3

エラータID: AXSA:2012-43:01

Release date: 
Tuesday, January 31, 2012 - 20:13
Subject: 
libxml2-2.6.26-2.1.12.2.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.
Security issues fixed with this release:
CVE-2010-4008
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
CVE-2011-0216
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2011-3905
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3919
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Solution: 

Update packages.

CVEs: 
CVE-2010-4008
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
CVE-2011-0216
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2011-3905
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-3919
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.




Additional Info: 

N/A

Download: 

SRPMS
  1. libxml2-2.6.26-2.1.12.2.0.1.AXS3.src.rpm
    MD5: ee2dd6b11459f218a307006ebada3056
    SHA-256: 8a4ac5d2b976d0cd66515ca282a6a480ec1d1e588bd142c7c7070a5f0cc7ae8b
    Size: 4.34 MB

Asianux Server 3 for x86
  1. libxml2-2.6.26-2.1.12.2.0.1.AXS3.i386.rpm
    MD5: 0b0d1bd1d700cfb725b18be62aa3fe70
    SHA-256: ff182e61753c6c6846ca53b05bbe7d2e57e57d703b0312d12ff085794197da0a
    Size: 796.63 kB
  2. libxml2-devel-2.6.26-2.1.12.2.0.1.AXS3.i386.rpm
    MD5: 030ff9144d8d7acc33a62d7c4237a905
    SHA-256: 8cc2068311419159c6f5950725304ae8006d1d0dcdb3abce74ac3ab5c044fe06
    Size: 2.10 MB
  3. libxml2-python-2.6.26-2.1.12.2.0.1.AXS3.i386.rpm
    MD5: 53af84fb616ed18844b79826890c57f9
    SHA-256: 40a6dfab3c8ebb424bd87ebf24d69adf167f52d9cc51a5551223a61116a922f8
    Size: 705.08 kB

Asianux Server 3 for x86_64
  1. libxml2-2.6.26-2.1.12.2.0.1.AXS3.x86_64.rpm
    MD5: 15be1dda821da756948b8a0e0f3d6819
    SHA-256: 0042fc6129b1d0a366fa08aa7188b3d9fbbb84cf953db83b44552cd66bca1661
    Size: 808.97 kB
  2. libxml2-devel-2.6.26-2.1.12.2.0.1.AXS3.x86_64.rpm
    MD5: e9f49fa9708bafc735ff98f9a5370238
    SHA-256: cf119311215dc5ce2c6bf635e74a4e96f673c386749bb6a0a956da127baa08c0
    Size: 2.14 MB
  3. libxml2-python-2.6.26-2.1.12.2.0.1.AXS3.x86_64.rpm
    MD5: 6087e892ee6e2c423d08e94bb5ff6e78
    SHA-256: 299a673fa00000e6dd39ffbb579a05f5a6e2818cb05ce0d382d956a31ab53068
    Size: 715.51 kB