A stack overflow flaw was found in libxml by parsing root XML document element DTD definition. Providing a specially-crafted XML file would lead to excessive stack growth and denial of service (application crash), when opened by a victim.
Created attachment 356032 [details] Patch for RHEL-5 i.e. libxml2-2.6.26
Created attachment 356033 [details] Patch for RHEL-4 i.e. libxml2-2.6.16
Created attachment 356035 [details] Patch for RHEL-3 i.e. libxml2-2.5.10
Set of patches attached for libxml2 in RHEL-3/4/5 this also includes the fixes for #515205 Daniel
Created attachment 356048 [details] patch for libxml-1.8.17 in RHEL-3
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11
libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10
Richard, could you schedule the mingw32-libxml2 Fedora updates? Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html
libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10
mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11
mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.