Gentoo Bug 69154 - dev-libs/libxml2: Remotely exploitable buffer overflow

First Last Prev Next No search results available Search page Enter new bug

Bug#:	69154
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Dan Margolis (RETIRED) <krispykringle@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 69154 depends on:			Show dependency tree
Bug 69154 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-10-27 08:32 0000

Above report claims exploitable buffer overflow requiring the application using
libxml2 to parse untrusted xml or for the attacker to own/spoof DNS for the
victim.

------- Comment #1 From Luke Macken (RETIRED) 2004-10-28 12:46:11 0000 -------

gnome herd,

2.6.15 was released yesterday to fix these issues, please bump.

------- Comment #2 From foser (RETIRED) 2004-10-30 07:29:43 0000 -------

added libxml2-2.6.15-r1

------- Comment #3 From Thierry Carrez (RETIRED) 2004-10-30 09:05:01 0000 -------

Arches, please test and mark stable

------- Comment #4 From Gustavo Zacarias (RETIRED) 2004-10-30 09:21:25 0000 -------

sparc stable.

------- Comment #5 From Simon Stelling (RETIRED) 2004-10-30 09:52:39 0000 -------

stable on amd64

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2004-10-30 11:01:03 0000 -------

Stable on ppc.

------- Comment #7 From SpanKY 2004-10-30 21:25:52 0000 -------

arm/ia64/s390 stable

hppa wont happen until binutils-2.15.92.0.2 goes stable for hppa ... and we really havent had much time to test it :/

------- Comment #8 From Bryan Østergaard (RETIRED) 2004-10-31 02:00:57 0000 -------

Stable on alpha.

------- Comment #9 From Matthias Geerdsen 2004-11-01 01:45:51 0000 -------

this seems to be CAN-2004-0989
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989>

------- Comment #10 From Thierry Carrez (RETIRED) 2004-11-01 02:20:55 0000 -------

ppc64: please mark stable so that the GLSA can go out.

------- Comment #11 From Markus Rothe 2004-11-01 13:24:05 0000 -------

stable on ppc64.

Markus

------- Comment #12 From Thierry Carrez (RETIRED) 2004-11-02 09:38:28 0000 -------

GLSA 200411-05
hppa, mips : please mark stable to benefit from GLSA

------- Comment #13 From Hardave Riar (RETIRED) 2004-11-05 03:57:59 0000 -------

Stable on mips.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 69154

dev-libs/libxml2: Remotely exploitable buffer overflow

Last modified: 2005-06-26 04:21:04 0000