search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Libxml2 URI parsing errors in nanohttp and nanoftp

Vulnerability Note VU#493966

Original Release Date: 2004-03-09 | Last Revised: 2004-03-09

Overview

Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code.

Description

Gnome, a desktop suite and development platform for Linux systems, uses Libxml as an XML parser to handle encoding and decoding or URI strings (this is part of the GNOME XML Toolkit). The Libxml2 release of Libxml prior to version 2.6.6 (published Feb 12 2004) contains a buffer overflow vulnerability when parsing URI strings in XML-structrued files. If the URI is over 4096 bytes, it may be possible to crash software using a vulnerable version of Libxml2.

Impact

The complete impact of this vulnerability is not yet known. It is reported to cause a SEGV in software using a vulnerable version of Libxml2.

Solution

Update to Libxml2 version 2.6.6 or later at http://www.xmlsoft.org/downloads.html

Vendor Information

493966
 

Debian Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.debian.org/security/2004/dsa-455

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 455-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 3rd, 2004                        
http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libxml, libxml2
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0110

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml, the GNOME XML library.
When fetching a remote resource via FTP or HTTP, the library uses
special parsing routines which can overflow a buffer if passed a very
long URL.  If an attacker is able to find an application using libxml1
or libxml2 that parses remote resources and allows the attacker to
craft the URL, then this flaw could be used to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 1.8.17-2woody1 of libxml and version 2.4.19-4woody1 of libxml2.

For the unstable distribution (sid) this problem has been fixed in
version 1.8.17-5 of libxml and version 2.6.6-1 of libxml2.

We recommend that you upgrade your libxml1 and libxml2 packages.


Upgrade Instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

 Source archives:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.dsc
     Size/MD5 checksum:      651 16512f774479d73b7d82ca4e1db527f5
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.diff.gz
     Size/MD5 checksum:    33976 68afef27edf44d2b81e02fde3431bca8
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz
     Size/MD5 checksum:  1016403 b8f01e43e1e03dec37dfd6b4507a9568

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.dsc
     Size/MD5 checksum:      654 6f56380f9bfade2c66f03956e1a65162
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.diff.gz
     Size/MD5 checksum:   344358 ba3ea49cc8c465ff1a6377780c35a45d
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz
     Size/MD5 checksum:  1925487 22e3c043f57e18baaed86c5fff3eafbc

 Alpha architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_alpha.deb
     Size/MD5 checksum:   381994 dc3ada5391f52bdfd642df1bc5b9a6be
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_alpha.deb
     Size/MD5 checksum:   208830 a0698c267c722bf5127ee3709024ecc9

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_alpha.deb
     Size/MD5 checksum:   388786 a4ece19b65c46dd0e8f889c26e5938b3
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_alpha.deb
     Size/MD5 checksum:   938568 5f3e46bd132c9167db9e93ca3c739952

 ARM architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_arm.deb
     Size/MD5 checksum:   392536 9e126158928d24a562ae1d2b3d35ae1d
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_arm.deb
     Size/MD5 checksum:   184172 0527fd6a14e003139be9b475e689ee41

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_arm.deb
     Size/MD5 checksum:   346060 6b9caeac9a0061576f8a1e5b46ed8671
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_arm.deb
     Size/MD5 checksum:   902966 688fb8c5ea18b0f9d8e7671dad5426c5

 Intel IA-32 architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_i386.deb
     Size/MD5 checksum:   330042 b1c61849e10edbe597429fcd05d1d2b3
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_i386.deb
     Size/MD5 checksum:   183310 3c217f980c138f24eac1a0abd89eba78

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_i386.deb
     Size/MD5 checksum:   333034 11cfc7169e549c63dccf28f15300a8eb
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_i386.deb
     Size/MD5 checksum:   843084 43a242f53ed8a688e5ed02284a150f52

 Intel IA-64 architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_ia64.deb
     Size/MD5 checksum:   447184 5bfa2835a9d9b43da6d31e1cadce6bc1
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_ia64.deb
     Size/MD5 checksum:   285484 a378583eaaaf1248aba8de4fd721c5fc

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_ia64.deb
     Size/MD5 checksum:   507452 b447844080f6e0c1d498b34ec849c9b2
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_ia64.deb
     Size/MD5 checksum:  1032662 ddd7aae0835fe1edb04aee7cdf2e41c0

 HP Precision architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_hppa.deb
     Size/MD5 checksum:   439372 d5f629dc7f885dd858671ab639d954f8
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_hppa.deb
     Size/MD5 checksum:   248212 837ec145aac757ce053075a4736ddb55

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_hppa.deb
     Size/MD5 checksum:   425454 0719d6e0835b6dae714b1ce1a0bd9d77
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_hppa.deb
     Size/MD5 checksum:   979152 41e110f4c9805a5afb94fff79d1f3d22

 Motorola 680x0 architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_m68k.deb
     Size/MD5 checksum:   318176 d0dcb654f8083e0873396d38aaa1a7a2
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_m68k.deb
     Size/MD5 checksum:   178226 c18c0c7bb3c0884c62f36922e5843e83

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_m68k.deb
     Size/MD5 checksum:   336902 2990a52db32dc3fd3108be4e677e59bf
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_m68k.deb
     Size/MD5 checksum:   828820 6378b37494b667bce472f934f50c3cb8

 Big endian MIPS architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mips.deb
     Size/MD5 checksum:   376266 1c226409e23047ec521224697a82f76c
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mips.deb
     Size/MD5 checksum:   183628 0fa6098bdbfeadb50dfb7e5f4f2c967c

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mips.deb
     Size/MD5 checksum:   348902 474e9b8bc026ca199218727203422c12
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mips.deb
     Size/MD5 checksum:   921098 b8aa537054fc482ab042647ac0551f94

 Little endian MIPS architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mipsel.deb
     Size/MD5 checksum:   373696 603708cf407ea49748c987bea0ddaade
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mipsel.deb
     Size/MD5 checksum:   182958 5397950eb709142774a2aa70f5faa9db

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mipsel.deb
     Size/MD5 checksum:   343660 985465f428571c774bb3b44699768c15
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mipsel.deb
     Size/MD5 checksum:   915010 0553eb273d500c82b93cac55b7c52ad4

 PowerPC architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_powerpc.deb
     Size/MD5 checksum:   356590 f97bc218912092bae051188dd9c157d5
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_powerpc.deb
     Size/MD5 checksum:   194062 b37b9d75744323dafdc4a76293c3456d

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_powerpc.deb
     Size/MD5 checksum:   376486 bdfb8d5a839f65286e57e34857fd14f1
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_powerpc.deb

      Size/MD5 checksum:   916952 90f7f069508d26431cc61f967886b159

 IBM S/390 architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_s390.deb
     Size/MD5 checksum:   329398 2b6046a2aeb468a00abc8556676d10d1
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_s390.deb
     Size/MD5 checksum:   184216 78803336930258db2d7b115c4b708fad

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_s390.deb
     Size/MD5 checksum:   360282 a7bb4f832d6a4d86753b3d046f4e8fa1
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_s390.deb
     Size/MD5 checksum:   857396 e7efd1f4a92ba1f6a1a3c96e5c5a851b

 Sun Sparc architecture:

   
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_sparc.deb
     Size/MD5 checksum:   347058 88ec785a5184e9ff44e617638b661be4
   
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_sparc.deb
     Size/MD5 checksum:   196108 da3f13d8c4e4ffd8604cd01cf26c781f

   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_sparc.deb
     Size/MD5 checksum:   363670 ab415cd91562622e7ab2dde1df98a09b
   
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_sparc.deb
     Size/MD5 checksum:   886976 ba693e42209a963c26f325d89ecbe989

 These files will probably be moved into the stable distribution on
 its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb
http://security.debian.org/ stable/updates main
For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFARwN/W5ql+IAeqTIRAi+4AJoD/hPYY6rzbWuQGpwymgMPeDppXwCgsZ5c
cfOHbrGF3l7tC0/FaeVfgiU=
=QWbs
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00029.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SECURITY: Update of libxml2 2.6.6 available


    • From: Daniel Veillard <veillard redhat com>
    • To: fedora-announce-list redhat com
    • Subject: SECURITY: Update of libxml2 2.6.6 available
    • Date: Wed, 25 Feb 2004 16:43:43 -0500


    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2004-087
    2004-02-25
    ---------------------------------------------------------------------

    Name : libxml2
    Version : 2.6.6
    Release : 3
    Summary : Library providing XML and HTML support
    Description :
    This library allows to manipulate XML files. It includes support
    to read, modify and write XML and HTML files. There is DTDs support
    this includes parsing and validation even with complex DtDs, either
    at parse time or later once the document has been modified. The output
    can be a simple SAX stream or and in-memory DOM like representations.
    In this case one can use the built-in XPath and XPointer implementation
    to select subnodes or ranges. A flexible Input/Output mechanism is
    available, with existing HTTP and FTP modules and combined to an
    URI library.

    ---------------------------------------------------------------------
    Update Information:

    Updated libxml2 packages are available to fix an overflow when parsing
    the URI for remote resources.
    ---------------------------------------------------------------------
    * Thu Feb 12 2004 Daniel Veillard <veillard redhat com>

    - upstream release 2.6.6 see
    http://xmlsoft.org/news.html


    ---------------------------------------------------------------------
    This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

    c46c9ba42ba7d27bfcf48899119a1d40 SRPMS/libxml2-2.6.6-3.src.rpm
    d7a9dec974250e425d6052e0f648b6c5 i386/libxml2-2.6.6-3.i386.rpm
    0758aa446c1a43d18bc016df35288806 i386/libxml2-devel-2.6.6-3.i386.rpm
    07843af17c126497f4baa8d279c7d920 i386/libxml2-python-2.6.6-3.i386.rpm
    ae7105805216615e6460c60be9c679da i386/debug/libxml2-debuginfo-2.6.6-3.i386.rpm

    This update can also be installed with the Update Agent; you can
    launch the Update Agent with the 'up2date' command.
    ---------------------------------------------------------------------

    Daniel

    --
    Daniel Veillard | Red Hat Network
    https://rhn.redhat.com/
    veillard redhat com | libxml GNOME XML XSLT toolkit
    http://xmlsoft.org/
    http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/





    [Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]
     

    If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNOME Project Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://lists.gnome.org/archives/gnome-announce-list/2004-February/msg00051.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

ANNOUNCE: The GNOME XML toolkit 2.6.6


    • From: Daniel Veillard <veillard redhat com>
    • To: gnome-announce-list gnome org
    • Subject: ANNOUNCE: The GNOME XML toolkit 2.6.6
    • Date: Thu, 12 Feb 2004 12:28:49 -0500 (EST)


    Application
    ===========

    The GNOME XML toolkit 2.6.6

    Description
    ===========

    Libxml2 is the XML C parser and toolkit developed for the Gnome project
    (but usable outside of the Gnome platform).
    It also provides the xmllint XML/HTML processing tool.
    This release fix a potential security problem, people are advised to
    upgrade.

    Enhancements
    ============

    - Parsers: added xmlByteConsumed(ctxt) API to get the byte offest in
    input.
    - XInclude: allow the 2001 namespace without warning.
    - reader API: structured error reporting (Steve Ball)

    Fixes
    =====

    - nanohttp and nanoftp: buffer overflow error on URI parsing (Igor and
    William)
    reported by Yuuichi Teranishi
    - make test and path issues
    - xmlWriter attribute serialization (William Brack)
    - xmlWriter indentation (William)
    - schemas validation (Eric Haszlakiewicz)
    - XInclude dictionnaries issues (William and Oleg Paraschenko)
    - XInclude empty fallback (William)
    - HTML warnings (William)
    - XPointer in XInclude (William)
    - Python namespace serialization
    - isolat1ToUTF8 bound error (Alfred Mickautsch)
    - output of parameter entities in internal subset (William)
    - internal subset bug in push mode
    - <xs:all> fix (Alexey Sarytchev)
    - Build: fix for automake-1.8 (Alexander Winston)
    warnings removal (Philip Ludlam)
    SOCKLEN_T detection fixes (Daniel Richard)
    fix --with-minimum configuration.
    - Documentation: missing example/index.html (John Fleck)
    version dependancies (John Fleck)
    - Windows compilation: mingw, msys (Mikhail Grushinskiy),
    function prototype (Cameron Johnson),
    MSVC6 compiler warnings,
    _WINSOCKAPI_ patch

    Download
    ========

    ftp://xmlsoft.org/

    Website
    =======

    http://xmlsoft.org/

    GNOME Software Map entry
    ========================

    http://www.gnome.org/softwaremap/projects/libxml


    If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://bugs.gentoo.org/show_bug.cgi?id=42735 or http://secunia.com/advisories/11051/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~                                            
http://security.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

~  Severity: Normal
~     Title: Libxml2 URI Parsing Buffer Overflow Vulnerabilities
~      Date: March 06, 2004
~      Bugs: #42735
~        ID: 200403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow has been discovered in libxml2 versions prior to
2.6.6 which may be exploited by an attacker allowing the execution of
arbitrary code.

Description
===========

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When the libxml2 library fetches a remote resource via FTP or HTTP,
libxml2 uses parsing routines that can overflow a buffer caused by
improper bounds checking if they are passed a URL longer than 4096
bytes.

Impact
======

If an attacker is able to exploit an application using libxml2 that
parses remote resources, then this flaw could be used to execute
arbitrary code.

Workaround
==========

No workaround is available; users are urged to upgrade libxml2 to
2.6.6.

Resolution
==========

All users are recommended to upgrade their libxml2 installation:

~    # emerge sync
~    # emerge -pv ">=dev-libs/libxml2-2.6.6"
~    # emerge ">=dev-libs/libxml2-2.6.6"

References
==========

~  [ 1 ]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org

iD8DBQFASl4EMMXbAy2b2EIRAv+yAJ9NbGSqlVb4KzZ2IC4c2DBt3aaV1ACgxlhB
1c1NaJh9ByyfACBlmAU0Yz4=
=scAU
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Linux Netwosix Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.netwosix.org/adv04.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************************
Netwosix Linux Security Advisory #2004-0004 <
http://www.netwosix.org>
- -----------------------------------------------------------------------------------

Package name: libxml2
Summary: Buffer overflow in the nanohttp or nanoftp modules in
XMLSoft Libxml2 2.6.0
Date: 2004-03-04
Affected versions: Netwosix 1.0
************************************************************************************

- -> Package description:
- ------------------------
Libxml2 is the XML C parser and toolkit developed for the Gnome project.

- -> Problem description:
- ------------------------
A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi
Teranishi. When fetching a remote source via FTP or HTTP, libxml2
uses special parsing routines that can overflow a buffer if passed a
very long URL. In the event that the attacker can find a program that
uses libxml2 which parses remote resources and allows them to
influence the URL, this flaw could be used to execute arbitrary code.

- -> Action:
- ------------------------
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

- -> Location:
- ---------------------

You can download the latest version of this package in NEPOTE format from:
<
http://download.netwosix.org/0004/nepote>

- -> Nepote Update (Nepote has been updated with new ports on 25 February 2004.
Update your portage tree from
http://nepote.netwosix.org, first):
- ---------------------

See this instructions to update the port of this package:

# cd /usr/ports/lib/libxml
# rm nepote
# wget
http://download.netwosix.org/0004/nepote
# sh nepote (to install the new and updated package)

- -> References
- ---------------------

Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110

- -> About Linux Netwosix:
- ---------------------------------
Linux Netwosix is a powerful and optimized Linux distribution for servers
and Network Security related jobs. It can also be used for special operations
such as penetration testing with its big collection of security oriented
software and sources. It's a light distribution created for the requirements
of every SysAdmin and it's very portable and highly configurable. Our
philosophy is to give greater liberty for configuration to the SysAdmin.
Only in this way can he/she configure a powerful and stable server machine.
Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD
systems but more flexible and usable.


- -> Questions?
- ---------------------
Check out our mailing lists:
<
http://www.netwosix.org/mailing.html>


The advisory itself is available at
<
http://www.netwosix.org/adv04.html>
- --------------------------------------------------

MD5sums of the packages:
- - --------------------------------------------------------------------------
60cb43bdcc312a611178df10c52a19c6 0004/nepote
- - --------------------------------------------------------------------------


Vincenzo Ciaglia - Linux Netwosix Security Advisories
<ciaglia@netwosix.org> - <
http://www.netwosix.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAR6JP6jz9pGuz4koRAvzeAJ98LXBB30rNXDdkoTjW20FLCVuDmwCeOqsh
0JB1uL92Ux7adp2bz+uf/0c=
=ySSs
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MandrakeSoft Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:018

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

                Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name:           libxml2
Advisory ID:            MDKSA-2004:018
Date:                   March 3rd, 2004

Affected versions: 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________

Problem Description:

A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi
Teranishi.  When fetching a remote source via FTP or HTTP, libxml2
uses special parsing routines that can overflow a buffer if passed a
very long URL.  In the event that the attacker can find a program that
uses libxml2 which parses remote resources and allows them to
influence the URL, this flaw could be used to execute arbitrary code.

The updated packages provide a backported fix to correct the problem.
_______________________________________________________________________

References:

 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
______________________________________________________________________

Updated Packages:
 
Corporate Server 2.1:
51af35991ac6ceef5cd6ddc4330e1995  corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.i586.rpm
34e6aa4c010e14199767c97d5fe0b706  corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.i586.rpm
9b551a5dfa4129f88fa90062ed684725  corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.i586.rpm
7c2efde8dde2fabc15d0c59fd867d156  corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.i586.rpm
153ca0fed634a7485046181baf06ea94  corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
2bfb3a34f15d5484119f94ea0d8c9d69  x86_64/corporate/2.1/RPMS/libxml2-2.4.23-4.2.C21mdk.x86_64.rpm
251108957d5ba90a9082d1f1976e5fb7  x86_64/corporate/2.1/RPMS/libxml2-devel-2.4.23-4.2.C21mdk.x86_64.rpm
7f4d9e5052d9ca41cd0ed8dba78d2416  x86_64/corporate/2.1/RPMS/libxml2-python-2.4.23-4.2.C21mdk.x86_64.rpm
63e3b6910f6e42b775cb936ce581b16e  x86_64/corporate/2.1/RPMS/libxml2-utils-2.4.23-4.2.C21mdk.x86_64.rpm
153ca0fed634a7485046181baf06ea94  x86_64/corporate/2.1/SRPMS/libxml2-2.4.23-4.2.C21mdk.src.rpm

Mandrakelinux 9.1:
9b91d9a62e88829d180335e93005d706  9.1/RPMS/libxml2-2.5.4-1.2.91mdk.i586.rpm
42ea5fe9ee7733bab3e726cb0005a9e8  9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.i586.rpm
98642ae61a8884d25878bc91f1d06622  9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.i586.rpm
3a7b2acf410ed9d6dc7d34d7e7fc319a  9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.i586.rpm
bbb88662f90ff49f28a2e3e6905106f3  9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
bcf80b555579701ed2ba8925bc1a9634  ppc/9.1/RPMS/libxml2-2.5.4-1.2.91mdk.ppc.rpm
3f6a1d38b9aaefd39a2ad116ec65643d  ppc/9.1/RPMS/libxml2-devel-2.5.4-1.2.91mdk.ppc.rpm
cdb9ee131ca5bd58564259d6917a9c56  ppc/9.1/RPMS/libxml2-python-2.5.4-1.2.91mdk.ppc.rpm
3c96adac2eb332f1e535b80e626a2c80  ppc/9.1/RPMS/libxml2-utils-2.5.4-1.2.91mdk.ppc.rpm
bbb88662f90ff49f28a2e3e6905106f3  ppc/9.1/SRPMS/libxml2-2.5.4-1.2.91mdk.src.rpm

Mandrakelinux 9.2:
6566203ab3c4fb904ae0126196aaf400  9.2/RPMS/libxml2-2.5.11-1.2.92mdk.i586.rpm
5552925b636b9926059c5c27ca37a588  9.2/RPMS/libxml2-devel-2.5.11-1.2.92mdk.i586.rpm
377f7250ee689d7ee7453b852e651d02  9.2/RPMS/libxml2-python-2.5.11-1.2.92mdk.i586.rpm
7e04e506249fbb224690ce3cc6434776  9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.i586.rpm
34048480a99f5f04d02902ab918cf5c8  9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
12bfba14856691201fb44eeecd2e0760  amd64/9.2/RPMS/lib64xml2-2.5.11-1.2.92mdk.amd64.rpm
0267276afa32b153be2ab27821f2a45c  amd64/9.2/RPMS/lib64xml2-devel-2.5.11-1.2.92mdk.amd64.rpm
545cdb232a403bb77dbd7ae5881dfe01  amd64/9.2/RPMS/lib64xml2-python-2.5.11-1.2.92mdk.amd64.rpm
32012969ba7f58a67f8569d86ca90246  amd64/9.2/RPMS/libxml2-utils-2.5.11-1.2.92mdk.amd64.rpm
34048480a99f5f04d02902ab918cf5c8  amd64/9.2/SRPMS/libxml2-2.5.11-1.2.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

 
http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security.  You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

 gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrakelinux at:

 
http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

 
http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

 security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
 <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFARrVQmqjQ0CJFipgRApmfAKDAmU1wWFUMOt0zdBXMK5B3TnbFiQCgtUPf
ZHaFx48BQTxaJG6ZbwDG/0E=
=Tz/7
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenPKG Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.openpkg.org/security/OpenPKG-SA-2004.003-libxml.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2004.003                                          05-Mar-2004
________________________________________________________________________

Package:             libxml
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:          Corrected Packages:
OpenPKG CURRENT      <= libxml-2.6.5-20040126    >= libxml-2.6.6-20040212
OpenPKG 2.0          none                        N.A.
OpenPKG 1.3          <= libxml-2.5.8-1.3.0       >= libxml-2.5.8-1.3.1

Affected Releases:   Dependent Packages:
OpenPKG CURRENT      apache::with_mod_php_dom perl-xml::with_libxml
                    php::with_dom php5::with_xml php5::with_dom cadaver
                    dia kde-libs libgdome libglade libwmf libxslt
                    neon pan ripe-dbase roadrunner scli scrollkeeper
                    sitecopy subversion wv xmlsec xmlstarlet xmlto xmms
OpenPKG 1.3          apache::with_mod_php_dom perl-xml::with_libxml
                    php::with_dom libgdome libwmf libxslt neon sitecopy
                    xmlsec

Description:
 A flaw in the HTTP and FTP client sub-library of libxml2 [0]
 found by Yuuichi Teranishi can be exploited to cause a buffer
 overflow if passed a very long URL [1]. This could be used by
 an attacker to execute arbitrary code on the host computer. The
 Common Vulnerabilities and Exposures (CVE) project assigned the id
 CAN-2004-0110 [2] to the problem.

 Please check whether you are affected by running "<prefix>/bin/rpm -q
 libxml". If you have the "libxml" package installed and its version
 is affected (see above), we recommend that you immediately upgrade it
 (see solution) and any dependent packages (see above). [3][4]

Solution:
 Select the updated source RPM appropriate for your OpenPKG release
 [5], fetch it from the OpenPKG FTP service [6] or a mirror location,
 verify its integrity [7], build a corresponding binary RPM from it [3]
 and update your OpenPKG installation by applying the binary RPM [4].
 For the affected release OpenPKG 1.3, perform the following operations
 to permanently fix the security problem (for other releases adjust
 accordingly).

 $ ftp ftp.openpkg.org
 ftp> bin
 ftp> cd release/1.3/UPD
 ftp> get libxml-2.5.8-1.3.1.src.rpm
 ftp> bye
 $ <prefix>/bin/rpm -v --checksig libxml-2.5.8-1.3.1.src.rpm
 $ <prefix>/bin/rpm --rebuild libxml-2.5.8-1.3.1.src.rpm
 $ su -
 # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/libxml-2.5.8-1.3.1.*.rpm

 Additionally, we recommend that you rebuild and reinstall
 all dependent packages (see above), if any, too. [3][4]
________________________________________________________________________

References:
 [0]
http://xmlsoft.org/
 [1]
http://xmlsoft.org/news.html
 [2]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0110
 [3]
http://www.openpkg.org/tutorial.html#regular-source
 [4]
http://www.openpkg.org/tutorial.html#regular-binary
 [5]
ftp://ftp.openpkg.org/release/1.3/UPD/libxml-2.5.8-1.3.1.src.rpm
 [6]
ftp://ftp.openpkg.org/release/1.3/UPD/
 [7]
http://www.openpkg.org/security.html#signature
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from
http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on
http://pgp.openpkg.org/
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFASLo3gHWT4GPEy58RAr+bAKDII0jb/BQ94576qHt2KDt7akiqEwCg2aUT
IuYPKcQCRD4xwJbjDNj9QHs=
=zN3S
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat Inc. Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see https://rhn.redhat.com/errata/RHSA-2004-090.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated libxml2 packages fix security vulnerability
Advisory ID: RHSA-2004:091-02
Issue date: 2004-03-03
Updated on: 2004-03-03
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2004-0110
- ---------------------------------------------------------------------

1. Topic:

Updated libxml2 packages that fix an overflow when parsing remote resources
are now available.

[Updated 3 March 2004]
Revised libxml2 packages are now available as the original packages did not
contain a complete patch.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110
to this issue.

All users are advised to upgrade to these updated packages, which contain a
backported fix and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/libxml2-2.5.4-3.rh9.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/libxml2-2.5.4-3.rh9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/libxml2-devel-2.5.4-3.rh9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/libxml2-python-2.5.4-3.rh9.i386.rpm



6. Verification:

MD5 sum Package Name
- --------------------------------------------------------------------------

cb550a537cbc60b95dcc4396ab419466 9/en/os/SRPMS/libxml2-2.5.4-3.rh9.src.rpm
b063360d9efb8f4de082f1324fdcd421 9/en/os/i386/libxml2-2.5.4-3.rh9.i386.rpm
8590c8fcd8268d3b682531a4428f14f8 9/en/os/i386/libxml2-devel-2.5.4-3.rh9.i386.rpm
d34886934ad6c00607e0117815bc1e0a 9/en/os/i386/libxml2-python-2.5.4-3.rh9.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

md5sum <filename>


7. References:

http://mail.gnome.org/archives/xml/2004-February/msg00070.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFARdnpXlSAg2UNWIIRAtbLAJwKtHXbxKmYMXH+ijc1U1tdDyh4OQCglW2U
cVDJ2zxOZzZgjfNOV0z3fIU=
=zsb2
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see ftp://patches.sgi.com/support/free/security/advisories/20040301-01-U.asc

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

____________________________________________________________________________
                          SGI Security Advisory

 Title     : SGI Advanced Linux Environment security update #13
 Number    : 20040301-01-U
 Date      : March 3, 2004
 Reference : Redhat Advisory RHSA-2004:090-06, CAN-2004-0110
 Reference : Redhat Advisory RHSA-2004:058-08, CAN-2003-0973
 Fixed in  : Patch 10056 for SGI ProPack v2.4 and SGI ProPack v2.3
______________________________________________________________________________

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.  SGI recommends that
this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose.  In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory.
______________________________________________________________________________

- --------------
- --- Update ---
- --------------

SGI has released Patch 10056: SGI Advanced Linux Environment security
update #13, which includes updated RPMs for SGI ProPack v2.4 and SGI
ProPack v2.3 for the SGI Altix family of systems, in response to the
following security issues:

Updated mod_python packages fix denial of service vulnerability
http://rhn.redhat.com/errata/RHSA-2004-058.html

Updated libxml2 packages fix security vulnerability
http://rhn.redhat.com/errata/RHSA-2004-090.html

Patch 10056 is available from
http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/

The individual RPMs from Patch 10056 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/SRPMS
ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/2.4/updates/SRPMS

Note: Four weeks after the release of SGI ProPack v2.4,
weekly security updates for SGI ProPack v2.3 will discontinue.
Please upgrade to SGI ProPack v2.4 as soon as possible.
See the SGI ProPack Support Policy on
http://support.sgi.com/
for additional information.


- -------------
- --- Links ---
- -------------

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

Red Hat Errata: Security Alerts, Bugfixes, and Enhancements
http://www.redhat.com/apps/support/errata/

SGI Advanced Linux Environment security updates can found on:
ftp://oss.sgi.com/projects/sgi_propack/download/

SGI patches can be found at the following patch servers:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and
security patches is
ftp://patches.sgi.com/support/free/security/


- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

                     ------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com.  Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

                     ------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(
http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap < YourEmailAddress such as midwatch@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to.  The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.


                     ------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at
http://www.sgi.com/support/security/ .

                     ------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info@sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A support
contract is not required for submitting a security report.

______________________________________________________________________________
     This information is provided freely to all interested parties
     and may be redistributed provided that it is not altered in any
     way, SGI is appropriately credited and the document retains and
     includes its valid PGP signature.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQEZc7rQ4cFApAP75AQGbfgP9EVFvHOutQopidet9Q3H1lw4tbpIzqgt1
1MeA6n3rfDYDe1pQLw1jLb1Exlp8iEFzBerbe0Lxen+zEAlRdUi1wL9NCnyo89Ro
D6B8+KNvgibtERzcf9y7NgHU8fTDxPjcmegQMl3Nst3/6zYwy3NNUFPIXTfnAySe
X1ERZhNMqSk=
=4964
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Trustix Secure Linux Affected

Updated:  March 09, 2004

Status

Affected

Vendor Statement

Please see http://www.trustix.org/errata/misc/2004/TSL-2004-0010-libxml2.asc.txt

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0010

Package name: libxml2
Summary: buffer overrun in nanohttp
Date: 2004-03-05
Affected versions: Trustix 2.0

- --------------------------------------------------------------------------
Package description:
This library allows to manipulate XML files. It includes support
to read, modify and write XML and HTML files.

Problem description:
URLs longer than 4096 bytes would cause an overflow while using nanohttp
in libxml2.

Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.


Location:
All Trustix updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.


Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.


Public testing:
Most updates for Trustix are made available for public testing some time
before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailinglist.
The testing tree is located at
<URI:http://tsldev.trustix.org/cloud/>

You may also use swup for public testing of updates:

site {
class = 0
location = "http://tsldev.trustix.org/cloud/rdfs/latest.rdf"
regexp = ".*"
}


Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>


Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.0/>
or directly at
<URI:http://www.trustix.org/errata/misc/2004/TSL-2004-0010-libxml2.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
13066c223f0c3148eb69cfd399ea3f14 2.0/rpms/libxml2-2.5.10-1tr.i586.rpm
b0a80332a30d823552dc99a13ffbf689 2.0/rpms/libxml2-devel-2.5.10-1tr.i586.rpm
f58ec53e75a663aee96b7e472d01874f 2.0/rpms/libxml2-python-2.5.10-1tr.i586.rpm
2a048d808097e162648d7f31f6c0ada5 2.0/srpms/libxml2-2.5.10-1tr.src.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFASK8Ei8CEzsK9IksRAlmZAKC6aFKwT15n2LKkY7H1JGSFRWD8ywCdHGGE
GJx7SovoxEdiZWCV6Jy1bKc=
=fzDy
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Yuuichi Teranishi for finding this vulnerability.

This document was written by Jeffrey S. Havrilla.

Other Information

CVE IDs: CVE-2004-0110
Date Public: 2004-02-12
Date First Published: 2004-03-09
Date Last Updated: 2004-03-09 20:04 UTC
Document Revision: 9

Sponsored by CISA.