Vulnerabilities > CVE-2008-4226 - Resource Management Errors vulnerability in Xmlsoft Libxml 2.7.2

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
xmlsoft
CWE-399
critical
nessus

Summary

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_126357-06.NASL
    descriptionSun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Apr/23/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107950
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107950
    titleSolaris 10 (x86) : 126357-06
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration pass: when `description` is true only the metadata below is
    # recorded, and the script exits before any host data is read.
    if (description)
    {
      # Plugin identity and revision.
      script_id(107950);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:27");

      # One patch-level finding is mapped to every CVE id listed here. A hit means
      # patch 126357-06 is missing; it does not confirm any single CVE (for
      # example CVE-2008-4226) on its own.
      script_cve_id(
        "CVE-2008-2945",
        "CVE-2008-3529",
        "CVE-2008-4225",
        "CVE-2008-4226",
        "CVE-2009-0169",
        "CVE-2009-0170",
        "CVE-2009-0348",
        "CVE-2009-2268",
        "CVE-2009-2712",
        "CVE-2009-2713",
        "CVE-2011-0844",
        "CVE-2011-0847",
        "CVE-2011-3506"
      );

      script_name(english:"Solaris 10 (x86) : 126357-06");
      script_summary(english:"Check for patch 126357-06");

      # Text shown in the scan report. The description literal spans two source
      # lines, so the embedded line break is part of the string.
      script_set_attribute(attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 126357-06");
      script_set_attribute(attribute:"description", value:"Sun Java System Access Manager 7.1 Solaris_x86.
    Date this patch was last updated by Sun : Apr/23/11");
      script_set_attribute(attribute:"see_also", value:"https://getupdates.oracle.com/readme/126357-06");
      script_set_attribute(attribute:"solution", value:"Install patch 126357-06");

      # Severity metadata. The CVSSv2 base vector is network / low complexity /
      # no authentication with complete C/I/A impact; the temporal vector records
      # a proof-of-concept exploit, an official fix and a confirmed report.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 79, 119, 189, 200, 255, 264, 399);

      # Declared as a local check: the scoring above describes the bundled CVEs,
      # not how this plugin gathers its evidence.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:126357");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

      script_set_attribute(attribute:"patch_publication_date", value:"2011/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();

      # Scheduling: information-gathering category, Solaris local-check family.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");

      # Both KB keys are required, so the plugin is expected to run only when
      # local checks are enabled and `showrev` output was collected.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
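    # Patch-level check for Sun patch 126357-06 on Solaris 10 (i386).
    # The visible code works only from KB items ("Host/Solaris/showrev",
    # "Host/local_checks_enabled") and helpers that presumably come from the
    # included solaris.inc / audit.inc; it reports a missing patch revision and
    # does not exercise the affected components themselves.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

    # Capture 1 is the full release string, capture 2 its minor part.
    # The dot is escaped so only a literal '.' separator is accepted; the
    # original pattern's bare '.' matched any character.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

    # This plugin covers the x86 build of the patch only.
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Start the counter explicitly instead of relying on `++` applied to an
    # unset variable.
    flag = 0;

    # One call per package shipped in the patch. A negative return is counted as
    # "package present but patch missing" -- presumably the contract of
    # solaris_check_patch(); confirm against solaris.inc.
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamclnt", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamcon", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamconsdk", version:"7.1,REV=06.11.22.00.22") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamdistauth", version:"7.1,REV=06.11.22.00.23") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamext", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamfcd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWampwd", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamrsa", version:"7.1,REV=06.06.28.17.03") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsam", version:"7.1,REV=06.11.20.12.26") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsci", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdk", version:"7.1,REV=07.01.18.06.04") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsdkconfig", version:"7.1,REV=06.12.15.12.35") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsfodb", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvc", version:"7.1,REV=06.12.19.15.12") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamsvcconfig", version:"7.1,REV=06.11.20.12.28") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"126357-06", obsoleted_by:"", package:"SUNWamutl", version:"7.1,REV=07.01.18.05.38") < 0) flag++;

    if (flag) {
      # At least one package lacks the patch: a single host-level finding
      # (port 0) with the helper's report text attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: record why, trying the most specific reason first.
      # NOTE(review): this ordering only matters if audit() ends the script --
      # confirm against audit.inc.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWamclnt / SUNWamcon / SUNWamconsdk / SUNWamdistauth / SUNWamext / etc");
    }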
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_123919.NASL
    descriptionSun Management Center 3.6.1: Patch for Solaris 7. Date this patch was last updated by Sun : Dec/01/09
    last seen2020-06-01
    modified2020-06-02
    plugin id23690
    published2006-11-20
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23690
    titleSolaris 7 (sparc) : 123919-12
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-5755.NASL
    descriptionThis update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
    last seen2020-06-01
    modified2020-06-02
    plugin id41555
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41555
    titleSuSE 10 Security Update : libxml2 (ZYPP Patch Number 5755)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120954.NASL
    descriptionAM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120954 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id36756
    published2009-04-23
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=36756
    titleSolaris 10 (sparc) : 120954-12 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_126357.NASL
    descriptionSun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
    last seen2016-09-26
    modified2011-09-18
    plugin id30014
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30014
    titleSolaris 5.9 (x86) : 126357-03
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-10000.NASL
    descriptionThis library allows manipulation of XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation, even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or an in-memory DOM-like representation. In this case one can use the built-in XPath and XPointer implementation to select subnodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined with a URI library. Update Information: Fixes a couple of security issues when overflowing text data size of buffer size.
    last seen2016-09-26
    modified2012-10-01
    plugin id37490
    published2009-04-23
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=37490
    titleFedora 10 2008-10000
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120955-12.NASL
    descriptionAM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen2020-06-01
    modified2020-06-02
    plugin id107871
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107871
    titleSolaris 10 (x86) : 120955-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120954.NASL
    descriptionAM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen2020-06-01
    modified2020-06-02
    plugin id37533
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37533
    titleSolaris 9 (sparc) : 120954-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_127681.NASL
    descriptionSun Management Center 4.0: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id67167
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67167
    titleSolaris 9 (sparc) : 127681-07
  • NASL familyWeb Servers
    NASL idHPSMH_6_0_0_95.NASL
    descriptionAccording to its self-reported version number, the HP System Management Homepage install on the remote host is earlier than 6.0.0.96 / 6.0.0-95. Such versions are potentially affected by the following vulnerabilities : - A cross-site scripting (XSS) vulnerability due to a failure to sanitize UTF-7 encoded input. Browsers are only affected if encoding is set to auto-select. (CVE-2008-1468) - An integer overflow in the libxml2 library that can result in a heap overflow. (CVE-2008-4226) - A buffer overflow in the PHP mbstring extension. (CVE-2008-5557) - An unspecified XSS in PHP when
    last seen2020-06-01
    modified2020-06-02
    plugin id46015
    published2010-04-27
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/46015
    titleHP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_123923.NASL
    descriptionSun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123923 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id37632
    published2009-04-23
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=37632
    titleSolaris 10 (sparc) : 123923-12 (deprecated)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12286.NASL
    descriptionThis update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
    last seen2020-06-01
    modified2020-06-02
    plugin id41253
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41253
    titleSuSE9 Security Update : libxml2 (YOU Patch Number 12286)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9729.NASL
    descriptionFixes a couple of security issues when overflowing text data size of buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34830
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34830
    titleFedora 8 : libxml2-2.7.2-2.fc8 (2008-9729)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_127682.NASL
    descriptionSun Management Center 4.0: Patch for Solaris 9_x86. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id67170
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67170
    titleSolaris 9 (x86) : 127682-07
  • NASL familyWindows
    NASL idSAFARI_4.0.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39339
    published2009-06-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39339
    titleSafari < 4.0 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0988.NASL
    descriptionUpdated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34811
    published2008-11-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34811
    titleRHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0988)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0001.NASL
    descriptiona. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt VMDK delta file cannot be used to crash ESX hosts. A corrupt VMDK delta disk, or virtual machine would have to be loaded by an administrator. VMware would like to thank Craig Marshall for reporting this issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4914 to this issue. b. Updated Service Console package net-snmp Net-SNMP is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. A denial-of-service flaw was found in the way Net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially- crafted request could cause the snmpd server to crash. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4309 to this issue. c. Updated Service Console package libxml2 An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4226 to this issue. A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-4225 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40387
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40387
    titleVMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200812-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200812-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities were reported in libxml2: Andreas Solberg reported that libxml2 does not properly detect recursion during entity expansion in an attribute value (CVE-2008-3281). A heap-based buffer overflow has been reported in the xmlParseAttValueComplex() function in parser.c (CVE-2008-3529). Christian Weiske reported that predefined entity definitions in entities are not properly handled (CVE-2008-4409). Drew Yao of Apple Product Security reported an integer overflow in the xmlBufferResize() function that can lead to an infinite loop (CVE-2008-4225). Drew Yao of Apple Product Security reported an integer overflow in the xmlSAX2Characters() function leading to memory corruption (CVE-2008-4226). Impact : A remote attacker could entice a user or automated system to open a specially crafted XML document with an application using libxml2, possibly resulting in the execution of arbitrary code or high CPU and memory consumption. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id35023
    published2008-12-03
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35023
    titleGLSA-200812-06 : libxml2: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0988.NASL
    descriptionUpdated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37692
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37692
    titleCentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_120954-12.NASL
    descriptionAM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen2020-06-01
    modified2020-06-02
    plugin id107369
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107369
    titleSolaris 10 (sparc) : 120954-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_126356-06.NASL
    descriptionSun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Apr/23/11
    last seen2020-06-01
    modified2020-06-02
    plugin id107450
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107450
    titleSolaris 10 (sparc) : 126356-06
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_126356.NASL
    descriptionSun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
    last seen2016-09-26
    modified2011-09-18
    plugin id44085
    published2010-01-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=44085
    titleSolaris 5.9 (x86) : 126356-03
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-673-1.NASL
    descriptionDrew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. (CVE-2008-4225) Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. (CVE-2008-4226). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36916
    published2009-04-23
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36916
    titleUbuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libxml2 vulnerabilities (USN-673-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_123922.NASL
    descriptionSun Management Center 3.6.1_x86: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id67169
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67169
    titleSolaris 9 (x86) : 123922-11
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1666.NASL
    descriptionSeveral vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4225 Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. - CVE-2008-4226 Drew Yao discovered that an integer overflow in the xmlSAX2Characters() function may lead to denial of service or the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34810
    published2008-11-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34810
    titleDebian DSA-1666-1 : libxml2 - several vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_126356.NASL
    descriptionSun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
    last seen2018-09-01
    modified2018-08-22
    plugin id30007
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30007
    titleSolaris 5.10 (sparc) : 126356-03
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-5754.NASL
    descriptionThis update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
    last seen2020-06-01
    modified2020-06-02
    plugin id34846
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34846
    titleopenSUSE 10 Security Update : libxml2 (libxml2-5754)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2009-0018.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug#347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash (CVE-2009-2414, CVE-2009-2416) - Resolves: rhbz#515236 - two patches for size overflows problems (CVE-2008-4225, CVE-2008-4226) - Resolves: rhbz#470474 - Patch to fix an entity name copy buffer overflow (CVE-2008-3529) - Resolves: rhbz#461023 - Better fix for (CVE-2008-3281) - Resolves: rhbz#458095 - change the patch for CVE-2008-3281 due to ABI issues - Resolves: rhbz#458095 - Patch to fix recursive entities handling (CVE-2008-3281) - Resolves: rhbz#458095 - Patch to fix UTF-8 decoding problem (CVE-2007-6284) - Resolves: rhbz#425933
    last seen2020-06-01
    modified2020-06-02
    plugin id79462
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79462
    titleOracleVM 2.1 : libxml2 (OVMSA-2009-0018)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119467.NASL
    descriptionIS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09 This plugin has been deprecated and either replaced with individual 119467 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id25389
    published2007-06-04
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=25389
    titleSolaris 10 (x86) : 119467-17 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_127680.NASL
    descriptionSun Management Center 4.0: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id67163
    published2013-07-03
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67163
    titleSolaris 8 (sparc) : 127680-07
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_120955.NASL
    descriptionAM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen2020-06-01
    modified2020-06-02
    plugin id38005
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38005
    titleSolaris 9 (x86) : 120955-12
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0988.NASL
    descriptionFrom Red Hat Security Advisory 2008:0988 : Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support for reading, modifying, and writing XML and HTML files. An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. Users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67769
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67769
    titleOracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-324-01.NASL
    descriptionNew libxml2 packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues, including a denial of service or the possible execution of arbitrary code if untrusted XML is processed.
    last seen2020-06-01
    modified2020-06-02
    plugin id34822
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34822
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : libxml2 (SSA:2008-324-01)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120954.NASL
    descriptionAM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen2020-06-01
    modified2020-06-02
    plugin id37271
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37271
    titleSolaris 8 (sparc) : 120954-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_126357.NASL
    descriptionSun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
    last seen2018-09-01
    modified2018-08-22
    plugin id30010
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30010
    titleSolaris 5.10 (x86) : 126357-03
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_126356.NASL
    descriptionSun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
    last seen2016-09-26
    modified2011-09-18
    plugin id30011
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30011
    titleSolaris 5.8 (sparc) : 126356-03
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-231.NASL
    descriptionDrew Yao of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2
    last seen2020-06-01
    modified2020-06-02
    plugin id36883
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36883
    titleMandriva Linux Security Advisory : libxml2 (MDVSA-2008:231)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F1E0164EB67B11DDA55E00163E000016.NASL
    descriptionSecunia reports : Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) An integer overflow error in the
    last seen2020-06-01
    modified2020-06-02
    plugin id34840
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34840
    titleFreeBSD : libxml2 -- multiple vulnerabilities (f1e0164e-b67b-11dd-a55e-00163e000016)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081117_LIBXML2_ON_SL3_X.NASL
    descriptionAn integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226) A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225)
    last seen2020-06-01
    modified2020-06-02
    plugin id60496
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60496
    titleScientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_123924-11.NASL
    descriptionSun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id107898
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107898
    titleSolaris 10 (x86) : 123924-11
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_123921.NASL
    descriptionSun Management Center 3.6.1: Patch for Solaris 9. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id36354
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36354
    titleSolaris 9 (sparc) : 123921-12
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_123924.NASL
    descriptionSun Management Center 3.6.1_x86: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09 This plugin has been deprecated and either replaced with individual 123924 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id67153
    published2013-07-03
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=67153
    titleSolaris 10 (x86) : 123924-11 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_126356.NASL
    descriptionSun Java System Access Manager 7.1 Solaris. Date this patch was last updated by Sun : Jun/19/09
    last seen2016-09-26
    modified2011-09-18
    plugin id30013
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30013
    titleSolaris 5.9 (sparc) : 126356-03
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_120955.NASL
    descriptionAM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10 This plugin has been deprecated and either replaced with individual 120955 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id38126
    published2009-04-23
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=38126
    titleSolaris 10 (x86) : 120955-12 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_119467.NASL
    descriptionIS 6.3_x86: Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun : Jun/29/09
    last seen2020-06-01
    modified2020-06-02
    plugin id23612
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23612
    titleSolaris 9 (x86) : 119467-17
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-10038.NASL
    descriptionFixes a couple of security issues caused by overflowing the text data size or the buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62272
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62272
    titleFedora 10 : libxml2-2.7.2-2.fc10 (2008-10038)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBXML2-5756.NASL
    descriptionThis update fixes an integer overflow in libxml2 that could lead to memory corruption and arbitrary code execution. (CVE-2008-4226) Thanks to: Drew Yao of Apple Product Security
    last seen2020-06-01
    modified2020-06-02
    plugin id34847
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34847
    titleSuSE 10 Security Update : libxml2 (ZYPP Patch Number 5756)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_126357.NASL
    descriptionSun Java System Access Manager 7.1 Solaris_x86. Date this patch was last updated by Sun : Jun/19/09
    last seen2016-09-26
    modified2011-09-18
    plugin id30012
    published2008-01-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=30012
    titleSolaris 5.8 (x86) : 126357-03
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_123923-12.NASL
    descriptionSun Management Center 3.6.1: Patch for Solaris 10. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id107395
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107395
    titleSolaris 10 (sparc) : 123923-12
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI4_0.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39338
    published2009-06-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39338
    titleMac OS X : Apple Safari < 4.0
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_123920.NASL
    descriptionSun Management Center 3.6.1: Patch for Solaris 8. Date this patch was last updated by Sun : Nov/25/09
    last seen2020-06-01
    modified2020-06-02
    plugin id37363
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37363
    titleSolaris 8 (sparc) : 123920-12
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9773.NASL
    descriptionFixes a couple of security issues caused by overflowing the text data size or the buffer size. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34834
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34834
    titleFedora 9 : libxml2-2.7.2-2.fc9 (2008-9773)

Oval

  • accepted2009-03-23T04:00:21.430-04:00
    classvulnerability
    contributors
    namePai Peng
    organizationHewlett-Packard
    definition_extensions
    • commentSolaris 9 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1457
    • commentSolaris 10 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1440
    • commentSolaris 9 (x86) is installed
      ovaloval:org.mitre.oval:def:1683
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    descriptionInteger overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
    familyunix
    idoval:org.mitre.oval:def:6219
    statusaccepted
    submitted2009-02-13T15:56:00.000-05:00
    titleSecurity Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS)
    version35
  • accepted2010-05-17T04:00:14.937-04:00
    classvulnerability
    contributors
    • nameMichael Wood
      organizationHewlett-Packard
    • nameMichael Wood
      organizationHewlett-Packard
    • nameJ. Daniel Brown
      organizationDTCC
    definition_extensions
    • commentVMWare ESX Server 3.0.3 is installed
      ovaloval:org.mitre.oval:def:6026
    • commentVMWare ESX Server 3.0.2 is installed
      ovaloval:org.mitre.oval:def:5613
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    descriptionInteger overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
    familyunix
    idoval:org.mitre.oval:def:6360
    statusaccepted
    submitted2009-09-23T15:39:02.000-04:00
    titleLibxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code
    version5
  • accepted2013-04-29T04:23:04.825-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionInteger overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
    familyunix
    idoval:org.mitre.oval:def:9888
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
    version27

Redhat

advisories
bugzilla
id: 470480
title: CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentlibxml2 is earlier than 0:2.6.16-12.6
          ovaloval:com.redhat.rhsa:tst:20080988001
        • commentlibxml2 is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032004
      • AND
        • commentlibxml2-python is earlier than 0:2.6.16-12.6
          ovaloval:com.redhat.rhsa:tst:20080988003
        • commentlibxml2-python is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032006
      • AND
        • commentlibxml2-devel is earlier than 0:2.6.16-12.6
          ovaloval:com.redhat.rhsa:tst:20080988005
        • commentlibxml2-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20080032002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibxml2-python is earlier than 0:2.6.26-2.1.2.7
          ovaloval:com.redhat.rhsa:tst:20080988008
        • commentlibxml2-python is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032011
      • AND
        • commentlibxml2 is earlier than 0:2.6.26-2.1.2.7
          ovaloval:com.redhat.rhsa:tst:20080988010
        • commentlibxml2 is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032013
      • AND
        • commentlibxml2-devel is earlier than 0:2.6.26-2.1.2.7
          ovaloval:com.redhat.rhsa:tst:20080988012
        • commentlibxml2-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20080032009
rhsa
id: RHSA-2008:0988
released: 2008-11-17
severity: Important
title: RHSA-2008:0988: libxml2 security update (Important)
rpms
  • libxml2-0:2.4.19-12.ent
  • libxml2-0:2.5.10-14
  • libxml2-0:2.6.16-12.6
  • libxml2-0:2.6.26-2.1.2.7
  • libxml2-debuginfo-0:2.5.10-14
  • libxml2-debuginfo-0:2.6.16-12.6
  • libxml2-debuginfo-0:2.6.26-2.1.2.7
  • libxml2-devel-0:2.4.19-12.ent
  • libxml2-devel-0:2.5.10-14
  • libxml2-devel-0:2.6.16-12.6
  • libxml2-devel-0:2.6.26-2.1.2.7
  • libxml2-python-0:2.4.19-12.ent
  • libxml2-python-0:2.5.10-14
  • libxml2-python-0:2.6.16-12.6
  • libxml2-python-0:2.6.26-2.1.2.7

Seebug

bulletinFamily: exploit
descriptionBUGTRAQ ID: 32326 CVE(CAN) ID: CVE-2008-4226 libxml软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。 libxml2库的xmlSAX2Characters()函数中存在整数溢出漏洞,如果用户受骗使用链接到该库的应用程序打开了超大的XML文件的话,就可以触发这个溢出,导致执行任意指令。 XMLSoft Libxml2 2.7.2 Debian ------ Debian已经为此发布了一个安全公告(DSA-1666-1)以及相应补丁: DSA-1666-1:New libxml2 packages fix several vulnerabilities 链接:<a href=http://www.debian.org/security/2008/dsa-1666 target=_blank>http://www.debian.org/security/2008/dsa-1666</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc</a> Size/MD5 checksum: 893 b6b2006ffadfb999e72974d574814b7c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz</a> Size/MD5 checksum: 3416175 5ff71b22f6253a6dd9afc1c34778dec3 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz</a> Size/MD5 checksum: 147867 d6a3bbbe39bffe96867de82b11c7c5be Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb</a> Size/MD5 checksum: 1328280 c2990030601040775b909c8ace076100 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 881946 38629543e71a18f6007b8d61d0500e36 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 821150 f14ee677bb7eac20cd65adef90af0f3c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 37972 d7757b07f8b0c69f9fd0a07a1598a3e3 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 184750 020e5ca7663ee88695e1502c8e8af77c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb</a> Size/MD5 checksum: 917020 f837c687d428d94559bf68e012bc0e02 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 745790 94edf60cc7d02dd31a70376baf740958 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 892010 a648a6d69a73593739035d78ed3c8436 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 796410 9f38a5028c33f32cf1701535c1c37984 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 36682 4de1bfa28b9361e462075451befbe66c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb</a> Size/MD5 checksum: 184126 1aae3163d718d0c378203b7ea1a53a9b arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 673236 cda6995615db6e74610d8a51607e85e4 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 817602 c5f81e370d055ba14a40a64d3fbb6e9e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 34682 4b01403ce80c2949f31559e0eacc044b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 165284 f84251cc53fa6b67b7fb55f58dd47d5b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb</a> Size/MD5 checksum: 742176 2e9e6cbbc777d49a99d8a6d98c5dc799 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 858220 0f8cf389ab60a7639fac0f6499325995 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 863998 2332655d5ec188cf038cf9fcab862d9f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 850370 6c600a26f96c3a3eea898821b0a63937 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 36852 75d6a8790e01eacb3183e6f295542215 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb</a> Size/MD5 checksum: 192850 f635c62c33d9a2ea17015b08370dfd8f i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 857246 6cebb1b5f8e5e87c00319eb59df9c497 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 169026 31acf12efa0a8f37045f3f0869b894f8 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 681544 f0f383f2ea6ae309bfbcd13f2a2e8efa <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 756128 f776e4a0c28389602bb6b26965fc70ce <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb</a> Size/MD5 checksum: 34496 0cf1427860bb36162af23351285ff091 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 196528 3eaa55301a20961852f3a3c5b64bde8c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 48494 280c616ff34b4aa41a48173828b6e66c <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 1106616 e7b32b8f711337ca52a041af581a05b6 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 1080448 a7334ed64dba73272b2001e09d18493f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb</a> Size/MD5 checksum: 874194 1410e29414572197b6f82dd5a8be061f mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 840690 ad2ce083ff5c14656ea3ae28b0fa783d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 770540 d1faeaa723c3de301fb4c8a44ece376a <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 34424 c7c9469462957365ab26e7f06e1f0521 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 171674 5e6f7cbe84d053bd19dda54346330f75 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mips.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mips.deb</a> Size/MD5 checksum: 926930 c4a3402711ebb05f38b1146eebcd0a71 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 34396 79f5ff849d9a0ed01ab567ec542b7f3e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mipsel.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 898480 c195cceafe5efce1de168475a462be54 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 769244 d0d36bff7e63adf76857166c3ed10daa <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 168696 3667deae6585a788c4da731b4fc9383d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mipsel.deb</a> Size/MD5 checksum: 833258 4b1612f79d4b9d1ce2d7086fbb8edbd0 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 780124 0d2ed3ecc5a1e7a5ce3870fab1bcfc43 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 172736 2011f174234c5e939cebeedc2fd9e707 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 37662 94991d67033b1b921bb72e5d7bf2b844 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_powerpc.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 898080 321d90790cf68bc046b9b577e7986438 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_powerpc.deb</a> Size/MD5 checksum: 771124 47b6d53839ea42f54ae6ad2b89594a26 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 36368 fbc5505f4471c4c2fe6ad41903c5596f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 885484 ead63bcf342e568c9c338c2772ea4e0d <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 750248 ed7465c981212e90fac94dc040ac6bb4 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 185718 414512cb0af24a7c5e3622b75ef9b56f <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_s390.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_s390.deb</a> Size/MD5 checksum: 806342 0f85b6120fdba835eaf39d02b4a606d9 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_sparc.deb 
target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 34578 dd02c5498d378ee75330f8f93b2eb3a7 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 781490 ecf288ea66fc19e8f9874b90884a888e <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 713214 434a8a91f3a4acbfc3df2a2707acbbe0 <a href=http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 759786 83ba89269fd32296c48c8498e100372b <a href=http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_sparc.deb</a> Size/MD5 checksum: 176878 9840698d19580fe86bfc55a2347361e5 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2008:0988-01)以及相应补丁: RHSA-2008:0988-01:Important: libxml2 security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2008-0988.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0988.html</a>
id: SSV:4469
last seen: 2017-11-19
modified: 2008-11-20
published: 2008-11-20
reporter: Root
title: libxml2 xmlSAX2Characters()函数整数溢出漏洞

References