Bug 515205 - (CVE-2009-2416) CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
CVE-2009-2416 libxml, libxml2, mingw32-libxml2: Pointer use-after-free flaws ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,reported=20090730,public=2...
: Security
Depends On: 515226 515233 515234 515235 515236 515237
Blocks:
  Show dependency treegraph
 
Reported: 2009-08-03 06:40 EDT by Jan Lieskovsky
Modified: 2016-03-04 06:11 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-22 03:02:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2009-08-03 06:40:22 EDT
Pointer use-after-free flaws were found in libxml by parsing Notation
and Enumeration attribute types. A remote attacker could provide
a specially-crafted XML file, which once opened by a local, unsuspecting
user would lead to denial of service (application crash).
Comment 7 Daniel Veillard 2009-08-03 10:34:27 EDT
The 3 patches for libxml2 in RHEL-3/4/5 were attached to #515195

Daniel
Comment 10 Fedora Update System 2009-08-10 10:40:26 EDT
libxml2-2.7.3-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-3.fc11
Comment 11 Fedora Update System 2009-08-10 10:42:08 EDT
libxml2-2.7.3-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml2-2.7.3-2.fc10
Comment 12 Jan Lieskovsky 2009-08-10 10:56:42 EDT
Richard,

  could you schedule the mingw32-libxml2 Fedora updates?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 13 errata-xmlrpc 2009-08-10 14:14:34 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1206 https://rhn.redhat.com/errata/RHSA-2009-1206.html
Comment 14 Fedora Update System 2009-08-11 18:37:55 EDT
libxml2-2.7.3-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2009-08-11 18:40:01 EDT
libxml2-2.7.3-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2009-08-12 10:03:48 EDT
libxml-1.8.17-24.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc11
Comment 17 Fedora Update System 2009-08-12 10:05:39 EDT
libxml-1.8.17-24.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/libxml-1.8.17-24.fc10
Comment 18 Fedora Update System 2009-08-12 18:14:30 EDT
mingw32-libxml2-2.7.3-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/mingw32-libxml2-2.7.3-2.fc11
Comment 19 Fedora Update System 2009-08-15 04:17:09 EDT
mingw32-libxml2-2.7.3-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 20 Fedora Update System 2009-08-15 04:18:12 EDT
libxml-1.8.17-24.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2009-08-15 04:20:44 EDT
libxml-1.8.17-24.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.