libxml2-2.6.26-2.1.2.8.1AXS3
エラータID: AXSA:2009-377:01
リリース日:
2009/08/27 Thursday - 10:20
題名:
libxml2-2.6.26-2.1.2.8.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libxml と libxml2 には スタック消費の脆弱性が存在し、攻撃者がサービス拒否 (アプリ
ケーションのクラッシュ) を引き起こす脆弱性があります。
(CVE-2009-2414)
- libxml と libxml2 には複数の開放後使用 (use-after-free) の脆弱性が存在し、攻撃者
がサービス拒否攻撃 (アプリケーションのクラッシュ) を引き起こす脆弱性があります。(CVE-2009-2416)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
追加情報:
Asianux Server 3 SP2 からのアップデートパッケージです。
ダウンロード:
SRPMS
- libxml2-2.6.26-2.1.2.8.1AXS3.src.rpm
MD5: c683456ee3cca043e067fa16eeb1aaf3
SHA-256: 9f26ad3f359e77c5e6925134bb5ecae01236b076ccfc26d6526bf4335ba64fd1
Size: 4.33 MB
Asianux Server 3 for x86
- libxml2-2.6.26-2.1.2.8.1AXS3.i386.rpm
MD5: 4b9ed4680870d7bba5bb78f33e0c0ef8
SHA-256: 7fe41a54d3146a34aed21ff3983bea78be3db187c737ee0dbb7d7d3024931684
Size: 795.44 kB - libxml2-devel-2.6.26-2.1.2.8.1AXS3.i386.rpm
MD5: ebd52d4938ca742c9ccf06accaa76883
SHA-256: 3c52eaa95c553da28976ab05c810b940a7e1ea67e3b205703d2d7796b515d572
Size: 2.10 MB - libxml2-python-2.6.26-2.1.2.8.1AXS3.i386.rpm
MD5: 54f6d706d327795813c2e8c6826c42f0
SHA-256: 8b2d290a7a7630ee30d44951b893b9be49096dac0c11060c70c9935ea67689bb
Size: 704.20 kB
Asianux Server 3 for x86_64
- libxml2-2.6.26-2.1.2.8.1AXS3.x86_64.rpm
MD5: df8acfcc434826f601ef625bdc3af01a
SHA-256: 50a266854d5714b0d27c9fd48af0a7d850cf6d145240a5f532582798d31da827
Size: 807.94 kB - libxml2-devel-2.6.26-2.1.2.8.1AXS3.x86_64.rpm
MD5: 573be89fbbda36ce492521a67571cde0
SHA-256: 4c3bbe678fcbd213874c0a05ebc6e47e09096c05a7383daddc9af12497d9c7d2
Size: 2.14 MB - libxml2-python-2.6.26-2.1.2.8.1AXS3.x86_64.rpm
MD5: 377e44812bd425c3a3b49f9b06bf695c
SHA-256: 7f02c4886e43166cd9fe1c4976635b8c626a8aaa9403a0a59d3c08db7162ad07
Size: 714.65 kB