Fedora Core 2 Update: libxml2-2.6.15-2
Daniel Veillard
veillard at redhat.com
Thu Oct 28 13:24:36 UTC 2004
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-353
2004-10-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : libxml2
Version : 2.6.15
Release : 2
Summary : Library providing XML and HTML support
Description :
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTDs support
this includes parsing and validation even with complex DtDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or and in-memory DOM like representations.
In this case one can use the built-in XPath and XPointer implementation
to select subnodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to an
URI library.
---------------------------------------------------------------------
Update Information:
Updated libxml2 packages fixes security vulnerabilities
libxml2 is a library for manipulating XML files.
Multiple buffer overflow bugs have been found libxml2 versions prior to
2.6.14. If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to libxml2, it could be possible to execute
arbitrary code. Additionally, if an attacker can return a specially
crafted DNS request to libxml, it is possible to execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0989 to this issue.
All users are advised to upgrade to these updated packages, which contain
fixes and are not vulnerable to this issue.
---------------------------------------------------------------------
* Wed Oct 27 2004 Daniel Veillard <veillard at redhat.com> 2.6.15-2
- upstream release 2.6.15 see http://xmlsoft.org/news.html
- incorporate a security fix for #137266 security problem
http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
18b21e3d001164d71a53d121c0fd806f SRPMS/libxml2-2.6.15-2.src.rpm
1096a0ad82686ac816a9d5c2318cc3d0 x86_64/libxml2-2.6.15-2.x86_64.rpm
0243c634a62b2b7fb39f79fdd0c688b0 x86_64/libxml2-devel-2.6.15-2.x86_64.rpm
ff7dfc244ccd5c298ddf41e6d0efbc48 x86_64/libxml2-python-2.6.15-2.x86_64.rpm
97a6d139218ab8ab05d98bfdfdd5c45b x86_64/debug/libxml2-debuginfo-2.6.15-2.x86_64.rpm
f1181cf6048cca3bcc44fec39a3706d0 i386/libxml2-2.6.15-2.i386.rpm
e45b080e51a9960089256fb48898689e i386/libxml2-devel-2.6.15-2.i386.rpm
f9997ba6ed497fa060a521ad07b6b0ad i386/libxml2-python-2.6.15-2.i386.rpm
d0480ee25c1cc4d7f30da0899f2668d7 i386/debug/libxml2-debuginfo-2.6.15-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Daniel Veillard | Red Hat Desktop team http://redhat.com/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
More information about the fedora-announce-list
mailing list