French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Libxml2 Denial of Service Vulnerability

Title : Mandriva Security Update Fixes Libxml2 Denial of Service Vulnerability
Advisory ID : FrSIRT/ADV-2008-0124
CVE ID : CVE-2007-6284
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-14

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
77dacb3f7ceed6b154d13b2230993f6a 2007.0/i586/libxml2-2.6.26-2.1mdv2007.0.i586.rpm
b65bd8c95b4cb202ad9c6ee0b0bd240a 2007.0/i586/libxml2-devel-2.6.26-2.1mdv2007.0.i586.rpm
783aa1a2d3e7e8f7e1d97a656606e1c0 2007.0/i586/libxml2-python-2.6.26-2.1mdv2007.0.i586.rpm
fc8a74a258531db13fa948d95f4c2b0f 2007.0/i586/libxml2-utils-2.6.26-2.1mdv2007.0.i586.rpm
213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
39239bd612197276042a12756b12f25a 2007.0/x86_64/lib64xml2-2.6.26-2.1mdv2007.0.x86_64.rpm
8559d17572b7ecf59c322fd5e24a32ac 2007.0/x86_64/lib64xml2-devel-2.6.26-2.1mdv2007.0.x86_64.rpm
9be60ad740a273022ba6f0ac63242d4e 2007.0/x86_64/lib64xml2-python-2.6.26-2.1mdv2007.0.x86_64.rpm
6d455daad1c6043033535790f6891a03 2007.0/x86_64/libxml2-utils-2.6.26-2.1mdv2007.0.x86_64.rpm
213917a525e29b1be556eaa909ae70b8 2007.0/SRPMS/libxml2-2.6.26-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
39a6f6fd2ebed09f57fb448d5608254d 2007.1/i586/libxml2-2.6.27-3.1mdv2007.1.i586.rpm
85dd4f3000b2d7a1b3ec6d7c0a839481 2007.1/i586/libxml2-devel-2.6.27-3.1mdv2007.1.i586.rpm
04d59c5ceb87225b3da6b31a76c6e5a2 2007.1/i586/libxml2-python-2.6.27-3.1mdv2007.1.i586.rpm
87814c987e3c1f58c722a3ea3a8e310c 2007.1/i586/libxml2-utils-2.6.27-3.1mdv2007.1.i586.rpm
fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
fe616f34b82ffd18e15e34c33efbac7a 2007.1/x86_64/lib64xml2-2.6.27-3.1mdv2007.1.x86_64.rpm
77b4273b2b847dc93430288b313effe1 2007.1/x86_64/lib64xml2-devel-2.6.27-3.1mdv2007.1.x86_64.rpm
7256a9e600ba1ccffe8263b7ca79ca9f 2007.1/x86_64/lib64xml2-python-2.6.27-3.1mdv2007.1.x86_64.rpm
ba8ef3136d30fc8df4ab560eb6ed8d07 2007.1/x86_64/libxml2-utils-2.6.27-3.1mdv2007.1.x86_64.rpm
fb22892957a80ffd6f6a3679dda1ff3a 2007.1/SRPMS/libxml2-2.6.27-3.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
3c20ada83e676e7746b79f1a31727dbc 2008.0/i586/libxml2-devel-2.6.30-1.1mdv2008.0.i586.rpm
6d48ec5ab06b9c9da52f09ac30dc9c80 2008.0/i586/libxml2-python-2.6.30-1.1mdv2008.0.i586.rpm
ab3b8931c36ab441c50bd807c7c1f178 2008.0/i586/libxml2-utils-2.6.30-1.1mdv2008.0.i586.rpm
e830e8a3ff3be74baca3b6d6e08048db 2008.0/i586/libxml2_2-2.6.30-1.1mdv2008.0.i586.rpm
95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
b906a3f182b4c263e6866469b7830d37 2008.0/x86_64/lib64xml2-devel-2.6.30-1.1mdv2008.0.x86_64.rpm
938706227bb990215af729038959499e 2008.0/x86_64/lib64xml2_2-2.6.30-1.1mdv2008.0.x86_64.rpm
dc73b6975441524b039e168e471d4a4a 2008.0/x86_64/libxml2-python-2.6.30-1.1mdv2008.0.x86_64.rpm
0388308a1a1bc7286112023204048c30 2008.0/x86_64/libxml2-utils-2.6.30-1.1mdv2008.0.x86_64.rpm
95a1741cd2ffc9aea77525d3f4ce1032 2008.0/SRPMS/libxml2-2.6.30-1.1mdv2008.0.src.rpm

Corporate 3.0:
0922b67b2e1f8731f72e4ca3b5585d92 corporate/3.0/i586/libxml2-2.6.6-1.2.C30mdk.i586.rpm
dda560864d31455db52e8f00dc2aa43f corporate/3.0/i586/libxml2-devel-2.6.6-1.2.C30mdk.i586.rpm
e6f5fd59e95a74c09cdd57deed498c9a corporate/3.0/i586/libxml2-python-2.6.6-1.2.C30mdk.i586.rpm
7dac1af99fa5eda79e8b9d471d86c55d corporate/3.0/i586/libxml2-utils-2.6.6-1.2.C30mdk.i586.rpm
56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
186a08bf1f0110bfaa5bd884934b2fac corporate/3.0/x86_64/lib64xml2-2.6.6-1.2.C30mdk.x86_64.rpm
05cf4c50a781c706c020854971160934 corporate/3.0/x86_64/lib64xml2-devel-2.6.6-1.2.C30mdk.x86_64.rpm
b636186a1473f4a45fecc396e9cd5be4 corporate/3.0/x86_64/lib64xml2-python-2.6.6-1.2.C30mdk.x86_64.rpm
ba733e52ff5a7bf0662d6ad4cf4f4db5 corporate/3.0/x86_64/libxml2-utils-2.6.6-1.2.C30mdk.x86_64.rpm
56183137289bcf9c11699e891dac442a corporate/3.0/SRPMS/libxml2-2.6.6-1.2.C30mdk.src.rpm

Corporate 4.0:
a9dfe938313ea3d1a8d7eabe81109e82 corporate/4.0/i586/libxml2-2.6.21-3.1.20060mlcs4.i586.rpm
81242f717837d167804a74c133aca257 corporate/4.0/i586/libxml2-devel-2.6.21-3.1.20060mlcs4.i586.rpm
4f72201469336da9fba2b2a2237f454d corporate/4.0/i586/libxml2-python-2.6.21-3.1.20060mlcs4.i586.rpm
b50e445cab3dfb2eef5d6870fcb0e389 corporate/4.0/i586/libxml2-utils-2.6.21-3.1.20060mlcs4.i586.rpm
b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
1e842a7e72843912858d308ae9d1e15b corporate/4.0/x86_64/lib64xml2-2.6.21-3.1.20060mlcs4.x86_64.rpm
d129d0911beee47ebfc84d635825c907 corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.1.20060mlcs4.x86_64.rpm
6e74fb611a915fe3ee14e4425257e1e8 corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.1.20060mlcs4.x86_64.rpm
cafcc6d6ccbe9fb2ea58051de8261d2d corporate/4.0/x86_64/libxml2-utils-2.6.21-3.1.20060mlcs4.x86_64.rpm
b6aba6be396f65fa83ed0bc129b26e39 corporate/4.0/SRPMS/libxml2-2.6.21-3.1.20060mlcs4.src.rpm

ChangeLog

2008-01-14 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Oracle Products Multiple Code Execution and Security Bypass Issues

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability

Mozilla Products Remote Code Execution and Security Bypass Issues

Mozilla Products Code Execution and Injection Vulnerabilities

Mozilla JavaScript Garbage Collector Code Execution Vulnerability

Mozilla Thunderbird Code Execution and Cross Site Scripting Issues

Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy