diff options
author | Nico Golde <nion> | 2009-08-13 22:53:54 +0000 |
---|---|---|
committer | Nico Golde <nion> | 2009-08-13 22:53:54 +0000 |
commit | ed60c0f28111ab9145a54cfa5b9648d719321bfa (patch) | |
tree | 7f304b661e9218febc9cdf29ede821ca67144a50 | |
parent | 8ab9f3b0a9f07e6ece9ca21066ecbfc888ef81ea (diff) |
dsa-1861-1
CVS version numbers
english/security/2009/dsa-1861.data: INITIAL -> 1.1
english/security/2009/dsa-1861.wml: INITIAL -> 1.1
-rw-r--r-- | english/security/2009/dsa-1861.data | 75 | ||||
-rw-r--r-- | english/security/2009/dsa-1861.wml | 31 |
2 files changed, 106 insertions, 0 deletions
diff --git a/english/security/2009/dsa-1861.data b/english/security/2009/dsa-1861.data new file mode 100644 index 00000000000..926dfba7b1b --- /dev/null +++ b/english/security/2009/dsa-1861.data @@ -0,0 +1,75 @@ +<define-tag pagetitle>DSA-1861-1 libxml</define-tag> +<define-tag report_date>2009-8-13</define-tag> +<define-tag secrefs>CVE-2009-2416 CVE-2009-2414</define-tag> +<define-tag packages>libxml</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> + +#use wml::debian::security + +<h3>Debian GNU/Linux 4.0 (etch)</h3> + +<dl> + +Debian (oldstable) + + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.diff.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.dsc /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_alpha.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_alpha.deb /> + +<dt>AMD64: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_amd64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_amd64.deb /> + +<dt>ARM: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_arm.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_arm.deb /> + +<dt>HP Precision: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_hppa.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_hppa.deb /> + +<dt>Intel IA-32: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_i386.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_ia64.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_ia64.deb /> + +<dt>Big-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mips.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mips.deb /> + +<dt>Little-endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mipsel.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_powerpc.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_powerpc.deb /> + +<dt>IBM S/390: + + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_s390.deb /> + <dd><fileurl http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_s390.deb /> + +</dl> + +<p><md5sums http://lists.debian.org/debian-security-announce/2009/msg00178.html /></p> diff --git a/english/security/2009/dsa-1861.wml b/english/security/2009/dsa-1861.wml new file mode 100644 index 00000000000..9f7c69e2a25 --- /dev/null +++ b/english/security/2009/dsa-1861.wml @@ -0,0 +1,31 @@ +<define-tag description>several vulnerabilities</define-tag> +<define-tag moreinfo> +<p>Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several +vulnerabilities in libxml, a library for parsing and handling XML data +files, which can lead to denial of service conditions or possibly arbitrary +code execution in the application using the library. The Common +Vulnerabilities and Exposures project identifies the following problems:</p> + +<p>An XML document with specially-crafted Notation or Enumeration attribute +types in a DTD definition leads to the use of a pointers to memory areas +which have already been freed (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416">CVE-2009-2416</a>).</p> + +<p>Missing checks for the depth of ELEMENT DTD definitions when parsing +child content can lead to extensive stack-growth due to a function +recursion which can be triggered via a crafted XML document (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414">CVE-2009-2414</a>).</p> + + +<p>For the oldstable distribution (etch), this problem has been fixed in +version 1.8.17-14+etch1.</p> + +<p>The stable (lenny), testing (squeeze) and unstable (sid) distribution +do not contain libxml anymore but libxml2 for which DSA-1859-1 has been +released.</p> + + +<p>We recommend that you upgrade your libxml packages.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2009/dsa-1861.data" +# $Id$ |