Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110 to this issue. Reproducible: Always Steps to Reproduce: 1. 2. 3. patch available: https://bugzilla.fedora.us/attachment.cgi?id=566&action=view
sorry, i reported with my old account bug shouldnt affect ~x86 users, since the bug only affects versions prior to 2.6.6, and ~x86 version is 2.6.12
Was GLSA 200403-01 *** This bug has been marked as a duplicate of 42735 ***