Bug 515195 (CVE-2009-2414)
| Summary: | CVE-2009-2414 libxml, libxml2, mingw32-libxml2: Stack overflow by parsing root XML element DTD definition | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||||||||
| Component: | vulnerability | Assignee: | Nobody <nobody> | ||||||||||
| Status: | MODIFIED --- | QA Contact: | |||||||||||
| Severity: | medium | Docs Contact: | |||||||||||
| Priority: | medium | ||||||||||||
| Version: | unspecified | CC: | juhani.eronen, rjones, veillard | ||||||||||
| Target Milestone: | --- | Keywords: | Security | ||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | Linux | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
| Doc Text: | Story Points: | --- | |||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | Type: | --- | |||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Embargoed: | |||||||||||||
| Bug Depends On: | 515226, 515233, 515234, 515235, 515236, 515237 | ||||||||||||
| Bug Blocks: | |||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Jan Lieskovsky
2009-08-03 10:10:17 UTC
Created attachment 356032 [details]
Patch for RHEL-5 i.e. libxml2-2.6.26
Created attachment 356033 [details]
Patch for RHEL-4 i.e. libxml2-2.6.16
Created attachment 356035 [details]
Patch for RHEL-3 i.e. libxml2-2.5.10
Set of patches attached for libxml2 in RHEL-3/4/5 this also includes the fixes for #515205 Daniel Created attachment 356048 [details]
patch for libxml-1.8.17 in RHEL-3
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11 libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10 Richard, could you schedule the mingw32-libxml2 Fedora updates? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11 libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10 mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11 mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |