Bug 515205 (CVE-2009-2416) - CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-2416
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 515226 515233 515234 515235 515236 515237
Blocks:
Reported: 2009-08-03 10:40 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:31 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 07:02:44 UTC



Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1206 normal SHIPPED_LIVE Moderate: libxml and libxml2 security update 2009-08-10 18:14:27 UTC

Description Jan Lieskovsky 2009-08-03 10:40:22 UTC
Pointer use-after-free flaws were found in libxml by parsing Notation
and Enumeration attribute types. A remote attacker could provide
a specially-crafted XML file, which once opened by a local, unsuspecting
user would lead to denial of service (application crash).

Comment 7 Daniel Veillard 2009-08-03 14:34:27 UTC
The 3 patches for libxml2 in RHEL-3/4/5 were attached to #515195

Daniel

Comment 10 Fedora Update System 2009-08-10 14:40:26 UTC
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11

Comment 11 Fedora Update System 2009-08-10 14:42:08 UTC
libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10

Comment 12 Jan Lieskovsky 2009-08-10 14:56:42 UTC
Richard,

  could you schedule the mingw32-libxml2 Fedora updates?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 13 errata-xmlrpc 2009-08-10 18:14:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html

Comment 14 Fedora Update System 2009-08-11 22:37:55 UTC
libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2009-08-11 22:40:01 UTC
libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2009-08-12 14:03:48 UTC
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11

Comment 17 Fedora Update System 2009-08-12 14:05:39 UTC
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10

Comment 18 Fedora Update System 2009-08-12 22:14:30 UTC
mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11

Comment 19 Fedora Update System 2009-08-15 08:17:09 UTC
mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2009-08-15 08:18:12 UTC
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2009-08-15 08:20:44 UTC
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
