Libxml2 URI parsing errors in nanohttp and nanoftp

2004-03-09T00:00:00
ID VU:493966
Type cert
Reporter CERT
Modified 2004-03-09T20:04:00

Description

Overview

Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code.

Description

Gnome, a desktop suite and development platform for Linux systems, uses Libxml as an XML parser to handle encoding and decoding or URI strings (this is part of the GNOME XML Toolkit). The Libxml2 release of Libxml prior to version 2.6.6 (published Feb 12 2004) contains a buffer overflow vulnerability when parsing URI strings in XML-structrued files. If the URI is over 4096 bytes, it may be possible to crash software using a vulnerable version of Libxml2.


Impact

The complete impact of this vulnerability is not yet known. It is reported to cause a SEGV in software using a vulnerable version of Libxml2.


Solution

Update to Libxml2 version 2.6.6 or later at <http://www.xmlsoft.org/downloads.html>


Vendor Information

493966

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.debian.org/security/2004/dsa-455>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Debian Security Advisory DSA 455-1 security@debian.org
&lt;http://www.debian.org/security/&gt; Martin Schulze
March 3rd, 2004 &lt;http://www.debian.org/security/faq&gt;


Package : libxml, libxml2
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0110

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml, the GNOME XML library.
When fetching a remote resource via FTP or HTTP, the library uses
special parsing routines which can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml1
or libxml2 that parses remote resources and allows the attacker to
craft the URL, then this flaw could be used to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 1.8.17-2woody1 of libxml and version 2.4.19-4woody1 of libxml2.

For the unstable distribution (sid) this problem has been fixed in
version 1.8.17-5 of libxml and version 2.6.6-1 of libxml2.

We recommend that you upgrade your libxml1 and libxml2 packages.

Upgrade Instructions


wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.dsc&gt;
Size/MD5 checksum: 651 16512f774479d73b7d82ca4e1db527f5
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.diff.gz&gt;
Size/MD5 checksum: 33976 68afef27edf44d2b81e02fde3431bca8
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz&gt;
Size/MD5 checksum: 1016403 b8f01e43e1e03dec37dfd6b4507a9568

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.dsc&gt;
Size/MD5 checksum: 654 6f56380f9bfade2c66f03956e1a65162
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.diff.gz&gt;
Size/MD5 checksum: 344358 ba3ea49cc8c465ff1a6377780c35a45d
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz&gt;
Size/MD5 checksum: 1925487 22e3c043f57e18baaed86c5fff3eafbc

Alpha architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_alpha.deb&gt;
Size/MD5 checksum: 381994 dc3ada5391f52bdfd642df1bc5b9a6be
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_alpha.deb&gt;
Size/MD5 checksum: 208830 a0698c267c722bf5127ee3709024ecc9

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_alpha.deb&gt;
Size/MD5 checksum: 388786 a4ece19b65c46dd0e8f889c26e5938b3
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_alpha.deb&gt;
Size/MD5 checksum: 938568 5f3e46bd132c9167db9e93ca3c739952

ARM architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_arm.deb&gt;
Size/MD5 checksum: 392536 9e126158928d24a562ae1d2b3d35ae1d
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_arm.deb&gt;
Size/MD5 checksum: 184172 0527fd6a14e003139be9b475e689ee41

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_arm.deb&gt;
Size/MD5 checksum: 346060 6b9caeac9a0061576f8a1e5b46ed8671
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_arm.deb&gt;
Size/MD5 checksum: 902966 688fb8c5ea18b0f9d8e7671dad5426c5

Intel IA-32 architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_i386.deb&gt;
Size/MD5 checksum: 330042 b1c61849e10edbe597429fcd05d1d2b3
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_i386.deb&gt;
Size/MD5 checksum: 183310 3c217f980c138f24eac1a0abd89eba78

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_i386.deb&gt;
Size/MD5 checksum: 333034 11cfc7169e549c63dccf28f15300a8eb
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_i386.deb&gt;
Size/MD5 checksum: 843084 43a242f53ed8a688e5ed02284a150f52

Intel IA-64 architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_ia64.deb&gt;
Size/MD5 checksum: 447184 5bfa2835a9d9b43da6d31e1cadce6bc1
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_ia64.deb&gt;
Size/MD5 checksum: 285484 a378583eaaaf1248aba8de4fd721c5fc

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_ia64.deb&gt;
Size/MD5 checksum: 507452 b447844080f6e0c1d498b34ec849c9b2
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_ia64.deb&gt;
Size/MD5 checksum: 1032662 ddd7aae0835fe1edb04aee7cdf2e41c0

HP Precision architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_hppa.deb&gt;
Size/MD5 checksum: 439372 d5f629dc7f885dd858671ab639d954f8
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_hppa.deb&gt;
Size/MD5 checksum: 248212 837ec145aac757ce053075a4736ddb55

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_hppa.deb&gt;
Size/MD5 checksum: 425454 0719d6e0835b6dae714b1ce1a0bd9d77
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_hppa.deb&gt;
Size/MD5 checksum: 979152 41e110f4c9805a5afb94fff79d1f3d22

Motorola 680x0 architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_m68k.deb&gt;
Size/MD5 checksum: 318176 d0dcb654f8083e0873396d38aaa1a7a2
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_m68k.deb&gt;
Size/MD5 checksum: 178226 c18c0c7bb3c0884c62f36922e5843e83

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_m68k.deb&gt;
Size/MD5 checksum: 336902 2990a52db32dc3fd3108be4e677e59bf
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_m68k.deb&gt;
Size/MD5 checksum: 828820 6378b37494b667bce472f934f50c3cb8

Big endian MIPS architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mips.deb&gt;
Size/MD5 checksum: 376266 1c226409e23047ec521224697a82f76c
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mips.deb&gt;
Size/MD5 checksum: 183628 0fa6098bdbfeadb50dfb7e5f4f2c967c

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mips.deb&gt;
Size/MD5 checksum: 348902 474e9b8bc026ca199218727203422c12
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mips.deb&gt;
Size/MD5 checksum: 921098 b8aa537054fc482ab042647ac0551f94

Little endian MIPS architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mipsel.deb&gt;
Size/MD5 checksum: 373696 603708cf407ea49748c987bea0ddaade
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mipsel.deb&gt;
Size/MD5 checksum: 182958 5397950eb709142774a2aa70f5faa9db

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mipsel.deb&gt;
Size/MD5 checksum: 343660 985465f428571c774bb3b44699768c15
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mipsel.deb&gt;
Size/MD5 checksum: 915010 0553eb273d500c82b93cac55b7c52ad4

PowerPC architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_powerpc.deb&gt;
Size/MD5 checksum: 356590 f97bc218912092bae051188dd9c157d5
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_powerpc.deb&gt;
Size/MD5 checksum: 194062 b37b9d75744323dafdc4a76293c3456d

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_powerpc.deb&gt;
Size/MD5 checksum: 376486 bdfb8d5a839f65286e57e34857fd14f1
`&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_powerpc.deb&gt;

` Size/MD5 checksum: 916952 90f7f069508d26431cc61f967886b159

IBM S/390 architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_s390.deb&gt;
Size/MD5 checksum: 329398 2b6046a2aeb468a00abc8556676d10d1
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_s390.deb&gt;
Size/MD5 checksum: 184216 78803336930258db2d7b115c4b708fad

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_s390.deb&gt;
Size/MD5 checksum: 360282 a7bb4f832d6a4d86753b3d046f4e8fa1
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_s390.deb&gt;
Size/MD5 checksum: 857396 e7efd1f4a92ba1f6a1a3c96e5c5a851b

Sun Sparc architecture:

&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_sparc.deb&gt;
Size/MD5 checksum: 347058 88ec785a5184e9ff44e617638b661be4
&lt;http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_sparc.deb&gt;
Size/MD5 checksum: 196108 da3f13d8c4e4ffd8604cd01cf26c781f

&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_sparc.deb&gt;
Size/MD5 checksum: 363670 ab415cd91562622e7ab2dde1df98a09b
&lt;http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_sparc.deb&gt;
Size/MD5 checksum: 886976 ba693e42209a963c26f325d89ecbe989

These files will probably be moved into the stable distribution on
its next revision.


For apt-get: deb &lt;http://security.debian.org/&gt; stable/updates main
For dpkg-ftp: &lt;ftp://security.debian.org/debian-security&gt; dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and <http://packages.debian.org/><pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFARwN/W5ql+IAeqTIRAi+4AJoD/hPYY6rzbWuQGpwymgMPeDppXwCgsZ5c
cfOHbrGF3l7tC0/FaeVfgiU=
=QWbs
-----END PGP SIGNATURE-----`

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00029.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SECURITY: Update of libxml2 2.6.6 available


* _From_: Daniel Veillard &lt;veillard redhat com&gt;
* _To_: fedora-announce-list redhat com
* _Subject_: SECURITY: Update of libxml2 2.6.6 available
* _Date_: Wed, 25 Feb 2004 16:43:43 -0500

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-087
2004-02-25
---------------------------------------------------------------------

Name : libxml2
Version : 2.6.6
Release : 3
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select subnodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.

---------------------------------------------------------------------
Update Information:

Updated libxml2 packages are available to fix an overflow when parsing
the URI for remote resources.
---------------------------------------------------------------------
* Thu Feb 12 2004 Daniel Veillard <veillard redhat com>

- upstream release 2.6.6 see http://xmlsoft.org/news.html

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

c46c9ba42ba7d27bfcf48899119a1d40 SRPMS/libxml2-2.6.6-3.src.rpm
d7a9dec974250e425d6052e0f648b6c5 i386/libxml2-2.6.6-3.i386.rpm
0758aa446c1a43d18bc016df35288806 i386/libxml2-devel-2.6.6-3.i386.rpm
07843af17c126497f4baa8d279c7d920 i386/libxml2-python-2.6.6-3.i386.rpm
ae7105805216615e6460c60be9c679da i386/debug/libxml2-debuginfo-2.6.6-3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Daniel

--
Daniel Veillard | Red Hat Network https://rhn.redhat.com/
veillard redhat com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/


[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNOME Project __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://lists.gnome.org/archives/gnome-announce-list/2004-February/msg00051.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

ANNOUNCE: The GNOME XML toolkit 2.6.6


* _From_: Daniel Veillard &lt;veillard redhat com&gt;
* _To_: gnome-announce-list gnome org
* _Subject_: ANNOUNCE: The GNOME XML toolkit 2.6.6
* _Date_: Thu, 12 Feb 2004 12:28:49 -0500 (EST)

Application

The GNOME XML toolkit 2.6.6

Description

Libxml2 is the XML C parser and toolkit developed for the Gnome project
(but usable outside of the Gnome platform).
It also provides the xmllint XML/HTML processing tool.
This release fix a potential security problem, people are advised to
upgrade.

Enhancements

- Parsers: added xmlByteConsumed(ctxt) API to get the byte offest in
input.
- XInclude: allow the 2001 namespace without warning.
- reader API: structured error reporting (Steve Ball)

Fixes

- nanohttp and nanoftp: buffer overflow error on URI parsing (Igor and
William)
reported by Yuuichi Teranishi
- make test and path issues
- xmlWriter attribute serialization (William Brack)
- xmlWriter indentation (William)
- schemas validation (Eric Haszlakiewicz)
- XInclude dictionnaries issues (William and Oleg Paraschenko)
- XInclude empty fallback (William)
- HTML warnings (William)
- XPointer in XInclude (William)
- Python namespace serialization
- isolat1ToUTF8 bound error (Alfred Mickautsch)
- output of parameter entities in internal subset (William)
- internal subset bug in push mode
- <xs:all> fix (Alexey Sarytchev)
- Build: fix for automake-1.8 (Alexander Winston)
warnings removal (Philip Ludlam)
SOCKLEN_T detection fixes (Daniel Richard)
fix --with-minimum configuration.
- Documentation: missing example/index.html (John Fleck)
version dependancies (John Fleck)
- Windows compilation: mingw, msys (Mikhail Grushinskiy),
function prototype (Cameron Johnson),
MSVC6 compiler warnings,
WINSOCKAPI patch

Download

ftp://xmlsoft.org/

Website

http://xmlsoft.org/

GNOME Software Map entry

http://www.gnome.org/softwaremap/projects/libxml

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://bugs.gentoo.org/show_bug.cgi?id=42735> or &lt;http://secunia.com/advisories/11051/&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Gentoo Linux Security Advisory GLSA 200403-01


~ &lt;http://security.gentoo.org&gt;


~ Severity: Normal
~ Title: Libxml2 URI Parsing Buffer Overflow Vulnerabilities
~ Date: March 06, 2004
~ Bugs: #42735
~ ID: 200403-01


Synopsis

A buffer overflow has been discovered in libxml2 versions prior to
2.6.6 which may be exploited by an attacker allowing the execution of
arbitrary code.

Description

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When the libxml2 library fetches a remote resource via FTP or HTTP,
libxml2 uses parsing routines that can overflow a buffer caused by
improper bounds checking if they are passed a URL longer than 4096
bytes.

Impact

If an attacker is able to exploit an application using libxml2 that
parses remote resources, then this flaw could be used to execute
arbitrary code.

Workaround

No workaround is available; users are urged to upgrade libxml2 to
2.6.6.

Resolution

All users are recommended to upgrade their libxml2 installation:

~ # emerge sync
~ # emerge -pv ">=dev-libs/libxml2-2.6.6"
~ # emerge ">=dev-libs/libxml2-2.6.6"

References

~ [ 1 ] &lt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110&gt;

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
&lt;http://bugs.gentoo.org&gt;.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - &lt;http://enigmail.mozdev.org&gt;

iD8DBQFASl4EMMXbAy2b2EIRAv+yAJ9NbGSqlVb4KzZ2IC4c2DBt3aaV1ACgxlhB
1c1NaJh9ByyfACBlmAU0Yz4=
=scAU
-----END PGP SIGNATURE-----`

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linux Netwosix __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.netwosix.org/adv04.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Netwosix Linux Security Advisory #2004-0004 <<http://www.netwosix.org>>
- -----------------------------------------------------------------------------------

Package name: libxml2
Summary: Buffer overflow in the nanohttp or nanoftp modules in
XMLSoft Libxml2 2.6.0
Date: 2004-03-04
Affected versions: Netwosix 1.0


- -> Package description:
- ------------------------
Libxml2 is the XML C parser and toolkit developed for the Gnome project.

- -> Problem description:
- ------------------------
A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi
Teranishi. When fetching a remote source via FTP or HTTP, libxml2
uses special parsing routines that can overflow a buffer if passed a
very long URL. In the event that the attacker can find a program that
uses libxml2 which parses remote resources and allows them to
influence the URL, this flaw could be used to execute arbitrary code.

- -> Action:
- ------------------------
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

- -> Location:
- ---------------------

You can download the latest version of this package in NEPOTE format from:
<<http://download.netwosix.org/0004/nepote>>

- -> Nepote Update (Nepote has been updated with new ports on 25 February 2004.
Update your portage tree from <http://nepote.netwosix.org>, first):
- ---------------------

See this instructions to update the port of this package:

cd /usr/ports/lib/libxml

rm nepote

wget <http://download.netwosix.org/0004/nepote>

sh nepote (to install the new and updated package)

- -> References
- ---------------------

Specific references for this advisory:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110>

- -> About Linux Netwosix:
- ---------------------------------
Linux Netwosix is a powerful and optimized Linux distribution for servers
and Network Security related jobs. It can also be used for special operations
such as penetration testing with its big collection of security oriented
software and sources. It's a light distribution created for the requirements
of every SysAdmin and it's very portable and highly configurable. Our
philosophy is to give greater liberty for configuration to the SysAdmin.
Only in this way can he/she configure a powerful and stable server machine.
Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD
systems but more flexible and usable.

- -> Questions?
- ---------------------
Check out our mailing lists:
<<http://www.netwosix.org/mailing.html>>

The advisory itself is available at
<<http://www.netwosix.org/adv04.html>>
- --------------------------------------------------

MD5sums of the packages:
- - --------------------------------------------------------------------------
60cb43bdcc312a611178df10c52a19c6 0004/nepote
- - --------------------------------------------------------------------------

Vincenzo Ciaglia - Linux Netwosix Security Advisories
<ciaglia@netwosix.org> - <<http://www.netwosix.org>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAR6JP6jz9pGuz4koRAvzeAJ98LXBB30rNXDdkoTjW20FLCVuDmwCeOqsh
0JB1uL92Ux7adp2bz+uf/0c=
=ySSs
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:018>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandrakelinux Security Update Advisory


Package name: libxml2
Advisory ID: MDKSA-2004:018
Date: March 3rd, 2004

Affected versions: 9.1, 9.2, Corporate Server 2.1


Problem Description:

A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi
Teranishi. When fetching a remote source via FTP or HTTP, libxml2
uses special parsing routines that can overflow a buffer if passed a
very long URL. In the event that the attacker can find a program that
uses libxml2 which parses remote resources and allows them to
influence the URL, this flaw could be used to execute arbitrary code.

The updated packages provide a backported fix to correct the problem.


References:

&lt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110&gt;


Updated Packages:

Corporate Server 2.1:
51af35991ac6ceef5cd6ddc4330e1995 corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.i586.rpm
34e6aa4c010e14199767c97d5fe0b706 corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.i586.rpm
9b551a5dfa4129f88fa90062ed684725 corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.i586.rpm
7c2efde8dde2fabc15d0c59fd867d156 corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.i586.rpm
153ca0fed634a7485046181baf06ea94 corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
2bfb3a34f15d5484119f94ea0d8c9d69 x86_64/corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.x86_64.rpm
251108957d5ba90a9082d1f1976e5fb7 x86_64/corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.x86_64.rpm
7f4d9e5052d9ca41cd0ed8dba78d2416 x86_64/corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.x86_64.rpm
63e3b6910f6e42b775cb936ce581b16e x86_64/corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.x86_64.rpm
153ca0fed634a7485046181baf06ea94 x86_64/corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

Mandrakelinux 9.1:
9b91d9a62e88829d180335e93005d706 9.1/RPMS/libxml2-2.5.4-1.2.91mdk.i586.rpm
42ea5fe9ee7733bab3e726cb0005a9e8 9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.i586.rpm
98642ae61a8884d25878bc91f1d06622 9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.i586.rpm
3a7b2acf410ed9d6dc7d34d7e7fc319a 9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.i586.rpm
bbb88662f90ff49f28a2e3e6905106f3 9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
bcf80b555579701ed2ba8925bc1a9634 ppc/9.1/RPMS/libxml2-2.5.4-1.2.91mdk.ppc.rpm
3f6a1d38b9aaefd39a2ad116ec65643d ppc/9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.ppc.rpm
cdb9ee131ca5bd58564259d6917a9c56 ppc/9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.ppc.rpm
3c96adac2eb332f1e535b80e626a2c80 ppc/9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.ppc.rpm
bbb88662f90ff49f28a2e3e6905106f3 ppc/9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

Mandrakelinux 9.2:
6566203ab3c4fb904ae0126196aaf400 9.2/RPMS/libxml2-2.5.11-1.2.92mdk.i586.rpm
5552925b636b9926059c5c27ca37a588 9.2/RPMS/libxml2-devel-2.5.11-1.2.92mdk.i586.rpm
377f7250ee689d7ee7453b852e651d02 9.2/RPMS/libxml2-python-2.5.11-1.2.92mdk.i586.rpm
7e04e506249fbb224690ce3cc6434776 9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.i586.rpm
34048480a99f5f04d02902ab918cf5c8 9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
12bfba14856691201fb44eeecd2e0760 amd64/9.2/RPMS/lib64xml2-2.5.11-1.2.92mdk.amd64.rpm
0267276afa32b153be2ab27821f2a45c amd64/9.2/RPMS/lib64xml2-devel-2.5.11-1.2.92mdk.amd64.rpm
545cdb232a403bb77dbd7ae5881dfe01 amd64/9.2/RPMS/lib64xml2-python-2.5.11-1.2.92mdk.amd64.rpm
32012969ba7f58a67f8569d86ca90246 amd64/9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.amd64.rpm
34048480a99f5f04d02902ab918cf5c8 amd64/9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

&lt;http://www.mandrakesecure.net/en/ftp.php&gt;

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrakelinux at:

&lt;http://www.mandrakesecure.net/en/advisories/&gt;

Mandrakesoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

&lt;http://www.mandrakesecure.net/en/mlist.php&gt;

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFARrVQmqjQ0CJFipgRApmfAKDAmU1wWFUMOt0zdBXMK5B3TnbFiQCgtUPf
ZHaFx48BQTxaJG6ZbwDG/0E=
=Tz/7
-----END PGP SIGNATURE-----`

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenPKG __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.openpkg.org/security/OpenPKG-SA-2004.003-libxml.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


OpenPKG Security Advisory The OpenPKG Project
&lt;http://www.openpkg.org/security.html&gt; &lt;http://www.openpkg.org&gt;
openpkg-security@openpkg.org openpkg@openpkg.org
OpenPKG-SA-2004.003 05-Mar-2004


Package: libxml
Vulnerability: arbitrary code execution
OpenPKG Specific: no

Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT <= libxml-2.6.5-20040126 >= libxml-2.6.6-20040212
OpenPKG 2.0 none N.A.
OpenPKG 1.3 <= libxml-2.5.8-1.3.0 >= libxml-2.5.8-1.3.1

Affected Releases: Dependent Packages:
OpenPKG CURRENT apache::with_mod_php_dom perl-xml::with_libxml
php::with_dom php5::with_xml php5::with_dom cadaver
dia kde-libs libgdome libglade libwmf libxslt
neon pan ripe-dbase roadrunner scli scrollkeeper
sitecopy subversion wv xmlsec xmlstarlet xmlto xmms
OpenPKG 1.3 apache::with_mod_php_dom perl-xml::with_libxml
php::with_dom libgdome libwmf libxslt neon sitecopy
xmlsec

Description:
A flaw in the HTTP and FTP client sub-library of libxml2 [0]
found by Yuuichi Teranishi can be exploited to cause a buffer
overflow if passed a very long URL [1]. This could be used by
an attacker to execute arbitrary code on the host computer. The
Common Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2004-0110 [2] to the problem.

Please check whether you are affected by running "<prefix>/bin/rpm -q
libxml". If you have the "libxml" package installed and its version
is affected (see above), we recommend that you immediately upgrade it
(see solution) and any dependent packages (see above). [3][4]

Solution:
Select the updated source RPM appropriate for your OpenPKG release
[5], fetch it from the OpenPKG FTP service [6] or a mirror location,
verify its integrity [7], build a corresponding binary RPM from it [3]
and update your OpenPKG installation by applying the binary RPM [4].
For the affected release OpenPKG 1.3, perform the following operations
to permanently fix the security problem (for other releases adjust
accordingly).

$ ftp ftp.openpkg.org
ftp> bin
ftp> cd release/1.3/UPD
ftp> get libxml-2.5.8-1.3.1.src.rpm
ftp> bye
$ <prefix>/bin/rpm -v --checksig libxml-2.5.8-1.3.1.src.rpm
$ <prefix>/bin/rpm --rebuild libxml-2.5.8-1.3.1.src.rpm
$ su -

<prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/libxml-2.5.8-1.3.1.*.rpm

Additionally, we recommend that you rebuild and reinstall
all dependent packages (see above), if any, too. [3][4]


References:
[0] &lt;http://xmlsoft.org/&gt;
[1] &lt;http://xmlsoft.org/news.html&gt;
[2] &lt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0110&gt;
[3] &lt;http://www.openpkg.org/tutorial.html#regular-source&gt;
[4] &lt;http://www.openpkg.org/tutorial.html#regular-binary&gt;
[5] &lt;ftp://ftp.openpkg.org/release/1.3/UPD/libxml-2.5.8-1.3.1.src.rpm&gt;
[6] &lt;ftp://ftp.openpkg.org/release/1.3/UPD/&gt;
[7] &lt;http://www.openpkg.org/security.html#signature&gt;


For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from &lt;http://pgp.openpkg.org&gt; and
hkp://pgp.openpkg.org. Follow the instructions on &lt;http://pgp.openpkg.org/&gt;
for details on how to verify the integrity of this advisory.


-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFASLo3gHWT4GPEy58RAr+bAKDII0jb/BQ94576qHt2KDt7akiqEwCg2aUT
IuYPKcQCRD4xwJbjDNj9QHs=
=zN3S
-----END PGP SIGNATURE-----`

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <https://rhn.redhat.com/errata/RHSA-2004-090.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated libxml2 packages fix security vulnerability
Advisory ID: RHSA-2004:091-02
Issue date: 2004-03-03
Updated on: 2004-03-03
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0110
- ---------------------------------------------------------------------

1. Topic:

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.

[Updated 3 March 2004]
Revised libxml2 packages are now available as the original packages did not
contain a complete patch.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110
to this issue.

All users are advised to upgrade to these updated packages, which contain a
backported fix and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (.rpm) if your current directory only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

<https://rhn.redhat.com/help/latest-up2date.pxt>

5. RPMs required:

Red Hat Linux 9:

SRPMS:
<ftp://updates.redhat.com/9/en/os/SRPMS/libxml2-2.5.4-3.rh9.src.rpm>

i386:
<ftp://updates.redhat.com/9/en/os/i386/libxml2-2.5.4-3.rh9.i386.rpm>
<ftp://updates.redhat.com/9/en/os/i386/libxml2-devel-2.5.4-3.rh9.i386.rpm>
<ftp://updates.redhat.com/9/en/os/i386/libxml2-python-2.5.4-3.rh9.i386.rpm>

6. Verification:

MD5 sum Package Name
- --------------------------------------------------------------------------

cb550a537cbc60b95dcc4396ab419466 9/en/os/SRPMS/libxml2-2.5.4-3.rh9.src.rpm
b063360d9efb8f4de082f1324fdcd421 9/en/os/i386/libxml2-2.5.4-3.rh9.i386.rpm
8590c8fcd8268d3b682531a4428f14f8 9/en/os/i386/libxml2-devel-2.5.4-3.rh9.i386.rpm
d34886934ad6c00607e0117815bc1e0a 9/en/os/i386/libxml2-python-2.5.4-3.rh9.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from <https://www.redhat.com/security/keys.html>

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>

7. References:

<http://mail.gnome.org/archives/xml/2004-February/msg00070.html>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110>

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at <https://www.redhat.com/solutions/security/news/contact.html>

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFARdnpXlSAg2UNWIIRAtbLAJwKtHXbxKmYMXH+ijc1U1tdDyh4OQCglW2U
cVDJ2zxOZzZgjfNOV0z3fIU=
=zsb2
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <ftp://patches.sgi.com/support/free/security/advisories/20040301-01-U.asc>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

`-----BEGIN PGP SIGNED MESSAGE-----


SGI Security Advisory

Title : SGI Advanced Linux Environment security update #13
Number : 20040301-01-U
Date : March 3, 2004
Reference : Redhat Advisory RHSA-2004:090-06, CAN-2004-0110
Reference : Redhat Advisory RHSA-2004:058-08, CAN-2003-0973
Fixed in : Patch 10056 for SGI ProPack v2.4 and SGI ProPack v2.3


SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use. SGI recommends that
this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose. In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory.



  • --- Update ---

SGI has released Patch 10056: SGI Advanced Linux Environment security
update #13, which includes updated RPMs for SGI ProPack v2.4 and SGI
ProPack v2.3 for the SGI Altix family of systems, in response to the
following security issues:

Updated mod_python packages fix denial of service vulnerability
&lt;http://rhn.redhat.com/errata/RHSA-2004-058.html&gt;

Updated libxml2 packages fix security vulnerability
&lt;http://rhn.redhat.com/errata/RHSA-2004-090.html&gt;

Patch 10056 is available from &lt;http://support.sgi.com/&gt; and
&lt;ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/&gt;
&lt;ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/&gt;

The individual RPMs from Patch 10056 are available from:
&lt;ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/RPMS&gt;
&lt;ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/SRPMS&gt;
&lt;ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/RPMS&gt;
&lt;ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/SRPMS&gt;

Note: Four weeks after the release of SGI ProPack v2.4,
weekly security updates for SGI ProPack v2.3 will discontinue.
Please upgrade to SGI ProPack v2.4 as soon as possible.
See the SGI ProPack Support Policy on &lt;http://support.sgi.com/&gt;
for additional information.


  • --- Links ---

SGI Security Advisories can be found at:
&lt;http://www.sgi.com/support/security/&gt; and
&lt;ftp://patches.sgi.com/support/free/security/advisories/&gt;

Red Hat Errata: Security Alerts, Bugfixes, and Enhancements
&lt;http://www.redhat.com/apps/support/errata/&gt;

SGI Advanced Linux Environment security updates can found on:
&lt;ftp://oss.sgi.com/projects/sgi_propack/download/&gt;

SGI patches can be found at the following patch servers:
&lt;http://support.sgi.com/&gt;

The primary SGI anonymous FTP site for security advisories and
security patches is &lt;ftp://patches.sgi.com/support/free/security/&gt;


  • --- SGI Security Information/Contacts ---

If there are questions about this document, email can be sent to
security-info@sgi.com.

------oOo------

SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com. Security advisories and patches are located under the URL
&lt;ftp://patches.sgi.com/support/free/security/&gt;

The SGI Security Headquarters Web page is accessible at the URL:
&lt;http://www.sgi.com/support/security/&gt;

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(&lt;http://www.sgi.com/support/security/wiretap.html&gt;) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap < YourEmailAddress such as midwatch@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to. The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.

------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at &lt;http://www.sgi.com/support/security/&gt; .

------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info@sgi.com.

For reporting NEW SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider. A support
contract is not required for submitting a security report.


This information is provided freely to all interested parties
and may be redistributed provided that it is not altered in any
way, SGI is appropriately credited and the document retains and
includes its valid PGP signature.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQEZc7rQ4cFApAP75AQGbfgP9EVFvHOutQopidet9Q3H1lw4tbpIzqgt1
1MeA6n3rfDYDe1pQLw1jLb1Exlp8iEFzBerbe0Lxen+zEAlRdUi1wL9NCnyo89Ro
D6B8+KNvgibtERzcf9y7NgHU8fTDxPjcmegQMl3Nst3/6zYwy3NNUFPIXTfnAySe
X1ERZhNMqSk=
=4964
-----END PGP SIGNATURE-----`

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux __ Affected

Updated: March 09, 2004

Status

Affected

Vendor Statement

Please see <http://www.trustix.org/errata/misc/2004/TSL-2004-0010-libxml2.asc.txt>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0010

Package name: libxml2
Summary: buffer overrun in nanohttp
Date: 2004-03-05
Affected versions: Trustix 2.0

- --------------------------------------------------------------------------
Package description:
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files.

Problem description:
URLs longer than 4096 bytes would cause an overflow while using nanohttp
in libxml2.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

Location:
All Trustix updates are available from
<URI:<http://http.trustix.org/pub/trustix/updates/>>
<URI:<ftp://ftp.trustix.org/pub/trustix/updates/>>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.

Public testing:
Most updates for Trustix are made available for public testing some time
before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:<http://tsldev.trustix.org/cloud/>>

You may also use swup for public testing of updates:

site {
class = 0
location = "<http://tsldev.trustix.org/cloud/rdfs/latest.rdf>"
regexp = ".*"
}

Questions?
Check out our mailing lists:
<URI:<http://www.trustix.org/support/>>

Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:<http://www.trustix.org/TSL-SIGN-KEY>>

The advisory itself is available from the errata pages at
<URI:<http://www.trustix.org/errata/trustix-2.0/>>
or directly at
<URI:<http://www.trustix.org/errata/misc/2004/TSL-2004-0010-libxml2.asc.txt>>

MD5sums of the packages:
- --------------------------------------------------------------------------
13066c223f0c3148eb69cfd399ea3f14 2.0/rpms/libxml2-2.5.10-1tr.i586.rpm
b0a80332a30d823552dc99a13ffbf689 2.0/rpms/libxml2-devel-2.5.10-1tr.i586.rpm
f58ec53e75a663aee96b7e472d01874f 2.0/rpms/libxml2-python-2.5.10-1tr.i586.rpm
2a048d808097e162648d7f31f6c0ada5 2.0/srpms/libxml2-2.5.10-1tr.src.rpm
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFASK8Ei8CEzsK9IksRAlmZAKC6aFKwT15n2LKkY7H1JGSFRWD8ywCdHGGE
GJx7SovoxEdiZWCV6Jy1bKc=
=fzDy
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | |
Temporal | |
Environmental | |

References

  • <http://mail.gnome.org/archives/xml/2004-February/msg00070.html>
  • <http://www.gnome.org/softwaremap/projects/libxml>
  • <http://www.xmlsoft.org/news.html>
  • <http://www.xmlsoft.org/downloads.html>
  • <http://secunia.com/advisories/10958/>
  • <http://www.securityfocus.com/bid/9718>
  • <http://xforce.iss.net/xforce/xfdb/15301>
  • <http://xforce.iss.net/xforce/xfdb/15302>
  • <http://www.ciac.org/ciac/bulletins/o-086.shtml>
  • <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110>

Acknowledgements

Thanks to Yuuichi Teranishi for finding this vulnerability.

This document was written by Jeffrey S. Havrilla.

Other Information

CVE IDs: | CVE-2004-0110
---|---
Date Public: | 2004-02-12
Date First Published: | 2004-03-09
Date Last Updated: | 2004-03-09 20:04 UTC
Document Revision: | 9