libxml XML Entity Name Heap Buffer Overflow Vulnerability

2008-09-14T00:00:00
ID SSV:4049
Type seebug
Reporter Root
Modified 2008-09-14T00:00:00

Description

BUGTRAQ ID: 31126
CVE ID: CVE-2008-3529
CNCVE ID: CNCVE-20083529

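The libxml package provides a library of functions for manipulating XML files, including support for reading, modifying and writing XML and HTML files. libxml mishandles malformed XML content, and a remote attacker can exploit the vulnerability to carry out a denial-of-service attack against an application. A heap-based buffer overflow exists when libxml2 processes an overly long XML entity name; if an application linked against libxml2 processes untrusted malformed XML content, this can lead to an application crash or arbitrary code execution.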

XMLSoft Libxml2 2.6.31
XMLSoft Libxml2 2.6.30
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.6.16
XMLSoft Libxml2 2.6.15
XMLSoft Libxml2 2.6.14
  + OpenPKG OpenPKG Current
XMLSoft Libxml2 2.6.13
XMLSoft Libxml2 2.6.12
XMLSoft Libxml2 2.6.11
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
XMLSoft Libxml2 2.6.9
  + Conectiva Linux 10.0
  + Conectiva Linux 9.0
XMLSoft Libxml2 2.6.8
  + RedHat Fedora Core2
XMLSoft Libxml2 2.6.7
XMLSoft Libxml2 2.6.6
XMLSoft Libxml2 2.6.5
XMLSoft Libxml2 2.6.4
XMLSoft Libxml2 2.6.3
XMLSoft Libxml2 2.6.2
XMLSoft Libxml2 2.6.1
XMLSoft Libxml2 2.6.0
XMLSoft Libxml2 2.5.11
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 9.2
XMLSoft Libxml2 2.5.10
  + Trustix Secure Linux 2.0
XMLSoft Libxml2 2.5.8
XMLSoft Libxml2 2.5.4
  + MandrakeSoft Linux Mandrake 9.1 ppc
  + MandrakeSoft Linux Mandrake 9.1
XMLSoft Libxml2 2.5.1
  + Conectiva Linux 9.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0

See the following patches:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
Source: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm
i386:
  libxml2-2.4.19-11.ent.i386.rpm
  libxml2-devel-2.4.19-11.ent.i386.rpm
  libxml2-python-2.4.19-11.ent.i386.rpm
ia64:
  libxml2-2.4.19-11.ent.ia64.rpm
  libxml2-devel-2.4.19-11.ent.ia64.rpm
  libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
Source: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm
ia64:
  libxml2-2.4.19-11.ent.ia64.rpm
  libxml2-devel-2.4.19-11.ent.ia64.rpm
  libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
Source: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm
i386:
  libxml2-2.4.19-11.ent.i386.rpm
  libxml2-devel-2.4.19-11.ent.i386.rpm
  libxml2-python-2.4.19-11.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
Source: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm
i386:
  libxml2-2.4.19-11.ent.i386.rpm
  libxml2-devel-2.4.19-11.ent.i386.rpm
  libxml2-python-2.4.19-11.ent.i386.rpm