Bug 69154 - dev-libs/libxml2: Remotely exploitable buffer overflow
Summary: dev-libs/libxml2: Remotely exploitable buffer overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High critical
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: A1 [glsa] lewk
Reported: 2004-10-27 08:32 UTC by Dan Margolis (RETIRED)
Modified: 2005-06-26 04:21 UTC (History)
Description Dan Margolis (RETIRED) gentoo-dev 2004-10-27 08:32:20 UTC
Above report claims exploitable buffer overflow requiring the application using libxml2 to parse untrusted XML or for the attacker to own/spoof DNS for the victim.
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-10-28 12:46:11 UTC
gnome herd,

2.6.15 was released yesterday to fix these issues, please bump.
Comment 2 foser (RETIRED) gentoo-dev 2004-10-30 07:29:43 UTC
added libxml2-2.6.15-r1

Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-10-30 09:05:01 UTC
Arches, please test and mark stable
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2004-10-30 09:21:25 UTC
sparc stable.
Comment 5 Simon Stelling (RETIRED) gentoo-dev 2004-10-30 09:52:39 UTC
stable on amd64
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2004-10-30 11:01:03 UTC
Stable on ppc.
Comment 7 SpanKY gentoo-dev 2004-10-30 21:25:52 UTC
arm/ia64/s390 stable

hppa won't happen until binutils-2.15.92.0.2 goes stable for hppa ... and we really haven't had much time to test it :/
Comment 8 Bryan Østergaard (RETIRED) gentoo-dev 2004-10-31 02:00:57 UTC
Stable on alpha.
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-01 01:45:51 UTC
this seems to be CAN-2004-0989 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989>
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-11-01 02:20:55 UTC
ppc64: please mark stable so that the GLSA can go out.
Comment 11 Markus Rothe (RETIRED) gentoo-dev 2004-11-01 13:24:05 UTC
stable on ppc64.

Markus
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-11-02 09:38:28 UTC
GLSA 200411-05
hppa, mips : please mark stable to benefit from GLSA
Comment 13 Hardave Riar (RETIRED) gentoo-dev 2004-11-05 03:57:59 UTC
Stable on mips.