[bluewhite64-security] libxml2 (BW64SA:20081121-01)
Hash: SHA1
[bluewhite64-security] libxml2 (BW64SA:20081121-01)
New libxml2 packages are available for Bluewhite64 11.0, 12.0,and 12.1,to fix security
issues including a denial or service or the possible execution of arbitrary code if
untrusted XML is processed.
More details about the issues may be found in the Common Vulnerabilities and Exposures
(CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
Here are the details from the Bluewhite64 12.1 ChangeLog:
+--------------------------+
PATCHES/packages/libxml2-2.6.32-x86_64-1.tgz: Upgraded to libxml2-2.6.32 and patched.
This fixes vulnerabilities including denial of service, or possibly the
execution of arbitrary code as the user running a libxml2 linked application
if untrusted XML content is parsed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/libxml2-2.6.32-x86_64-1.tgz
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/libxml2-2.6.32-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/libxml2-2.6.32-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
87cab4ce4944158f2aa46a502b163431 libxml2-2.6.32-x86_64-1.tgz
Bluewhite64 12.0 package:
e7fd3fac1c0e2e6b9b677407d7529225 libxml2-2.6.32-x86_64-1.tgz
Bluewhite64 12.1 package:
3be33b56734fb6c72c0dee78183b6a93 libxml2-2.6.32-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg libxml2-2.6.32-x86_64-1.tgz
Then, restart any services that use libxml2.
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkl5kAACgkQpTOsxuDdlY4eHgCdHMMsEXNT3iC5zXhzPiRiNH6s
0MIAn3mz0zqT1DurDtgcBMWoNIUA4rWR
=ua/D
-----END PGP SIGNATURE-----