aru Posted March 4, 2004 Report Share Posted March 4, 2004 MandrakeSoft Security Advisory MDKSA-2004:018 : libxml2 March 3rd, 2004 Updated libxml2 packages fix vulnerability A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code. The updated packages provide a backported fix to correct the problem. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:018 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0110 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts