Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0989 to the following vulnerability:

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

References:
http://marc.theaimsgroup.com/?l=bugtraq&m=109880813013482&w=2
http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890
http://www.debian.org/security/2004/dsa-582
http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
http://www.redhat.com/support/errata/RHSA-2004-615.html
http://www.redhat.com/support/errata/RHSA-2004-650.html
http://www.novell.com/linux/security/advisories/2005_01_sr.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110972110516151&w=2
http://www.ciac.org/ciac/bulletins/p-029.shtml
http://www.securityfocus.com/bid/11526
http://www.osvdb.org/11179
http://www.osvdb.org/11180
http://www.osvdb.org/11324
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1173
http://securitytracker.com/id?1011941
http://secunia.com/advisories/13000
http://xforce.iss.net/xforce/xfdb/17870
http://xforce.iss.net/xforce/xfdb/17875
http://xforce.iss.net/xforce/xfdb/17872
http://xforce.iss.net/xforce/xfdb/17876
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This was addressed via:
Red Hat Enterprise Linux version 2.1 (RHSA-2004:615 (libxml2) and RHSA-2004:650 (libxml))
Red Hat Enterprise Linux version 3 (RHSA-2004:615 (libxml2) and RHSA-2004:650 (libxml))