MDVSA-2009:200 -- Mandriva libxmlID: oval:org.secpod.oval:def:300502 | Date: (C)2012-01-07 (M)2024-02-08 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework . Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service via crafted Notation or Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework . This update provides a solution to these vulnerabilities.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.1 |