aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNico Golde <nion>2009-08-13 22:53:54 +0000
committerNico Golde <nion>2009-08-13 22:53:54 +0000
commited60c0f28111ab9145a54cfa5b9648d719321bfa (patch)
tree7f304b661e9218febc9cdf29ede821ca67144a50
parent8ab9f3b0a9f07e6ece9ca21066ecbfc888ef81ea (diff)
dsa-1861-1
CVS version numbers english/security/2009/dsa-1861.data: INITIAL -> 1.1 english/security/2009/dsa-1861.wml: INITIAL -> 1.1
Diffstat
-rw-r--r--english/security/2009/dsa-1861.data75
-rw-r--r--english/security/2009/dsa-1861.wml31
2 files changed, 106 insertions, 0 deletions
diff --git a/english/security/2009/dsa-1861.data b/english/security/2009/dsa-1861.data
new file mode 100644
index 00000000000..926dfba7b1b
--- /dev/null
+++ b/english/security/2009/dsa-1861.data
@@ -0,0 +1,75 @@
+<define-tag pagetitle>DSA-1861-1 libxml</define-tag>
+<define-tag report_date>2009-8-13</define-tag>
+<define-tag secrefs>CVE-2009-2416 CVE-2009-2414</define-tag>
+<define-tag packages>libxml</define-tag>
+<define-tag isvulnerable>yes</define-tag>
+<define-tag fixed>yes</define-tag>
+
+#use wml::debian::security
+
+<h3>Debian GNU/Linux 4.0 (etch)</h3>
+
+<dl>
+
+Debian (oldstable)
+
+
+<dt><source />
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.diff.gz />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.dsc />
+
+<dt>Alpha:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_alpha.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_alpha.deb />
+
+<dt>AMD64:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_amd64.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_amd64.deb />
+
+<dt>ARM:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_arm.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_arm.deb />
+
+<dt>HP Precision:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_hppa.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_hppa.deb />
+
+<dt>Intel IA-32:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_i386.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_i386.deb />
+
+<dt>Intel IA-64:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_ia64.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_ia64.deb />
+
+<dt>Big-endian MIPS:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mips.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mips.deb />
+
+<dt>Little-endian MIPS:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mipsel.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mipsel.deb />
+
+<dt>PowerPC:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_powerpc.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_powerpc.deb />
+
+<dt>IBM S/390:
+
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_s390.deb />
+ <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_s390.deb />
+
+</dl>
+
+<p><md5sums http://lists.debian.org/debian-security-announce/2009/msg00178.html /></p>
diff --git a/english/security/2009/dsa-1861.wml b/english/security/2009/dsa-1861.wml
new file mode 100644
index 00000000000..9f7c69e2a25
--- /dev/null
+++ b/english/security/2009/dsa-1861.wml
@@ -0,0 +1,31 @@
+<define-tag description>several vulnerabilities</define-tag>
+<define-tag moreinfo>
+<p>Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several
+vulnerabilities in libxml, a library for parsing and handling XML data
+files, which can lead to denial of service conditions or possibly arbitrary
+code execution in the application using the library. The Common
+Vulnerabilities and Exposures project identifies the following problems:</p>
+
+<p>An XML document with specially-crafted Notation or Enumeration attribute
+types in a DTD definition leads to the use of a pointers to memory areas
+which have already been freed (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416">CVE-2009-2416</a>).</p>
+
+<p>Missing checks for the depth of ELEMENT DTD definitions when parsing
+child content can lead to extensive stack-growth due to a function
+recursion which can be triggered via a crafted XML document (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414">CVE-2009-2414</a>).</p>
+
+
+<p>For the oldstable distribution (etch), this problem has been fixed in
+version 1.8.17-14+etch1.</p>
+
+<p>The stable (lenny), testing (squeeze) and unstable (sid) distribution
+do not contain libxml anymore but libxml2 for which DSA-1859-1 has been
+released.</p>
+
+
+<p>We recommend that you upgrade your libxml packages.</p>
+</define-tag>
+
+# do not modify the following line
+#include "$(ENGLISHDIR)/security/2009/dsa-1861.data"
+# $Id$

© 2014-2024 Faster IT GmbH | imprint | privacy policy