MGASA-2012-0111
| Date: | June 10th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated libxml2 packages fix security vulnerabilities:
Juri Aedla discovered that libxml2 contained an off by one error in its
XPointer functionality. If a user or application linked against libxml2
were tricked into opening a specially crafted XML file, an attacker could
cause the application to crash or possibly execute arbitrary code with the
privileges of the user invoking the program (CVE-2011-3102).
Updated Packages:
Mageia 1:
libxml2-utils-2.7.8-9.6.mga1
libxml2-python-2.7.8-9.6.mga1
lib(64)xml2_2-2.7.8-9.6.mga1
lib(64)xml2-devel-2.7.8-9.6.mga1
Mageia 2:
libxml2-utils-2.7.8-14.20120229.2.mga2
libxml2-python-2.7.8-14.20120229.2.mga2
lib(64)xml2_2-2.7.8-14.20120229.2.mga2
lib(64)xml2-devel-2.7.8-14.20120229.2.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://www.ubuntu.com/usn/usn-1447-1/
https://bugs.mageia.org/show_bug.cgi?id=6025
