From Mageia wiki
Jump to: navigation, search

MGASA-2012-0350

Date: November 30th, 2012
Affected releases: 1, 2


Description:
Updated libxml2 packages fix security vulnerability:

Heap-based buffer underflow, in the xmlParseAttValueComplex function in
parser.c in libxml2 2.9.0 and earlier, allows remote attackers to cause a
denial of service or possibly execute arbitrary code via crafted entities
in an XML document (CVE-2012-5134).


Updated Packages:
Mageia 1:
lib(64)xml2_2-2.7.8-9.8.mga1
lib(64)xml2-devel-2.7.8-9.8.mga1
libxml2-utils-2.7.8-9.8.mga1
libxml2-python-2.7.8-9.8.mga1

Mageia 2:
libxml2-utils-2.7.8-14.20120229.4.mga2
libxml2-python-2.7.8-14.20120229.4.mga2
lib(64)xml2_2-2.7.8-14.20120229.4.mga2
lib(64)xml2-devel-2.7.8-14.20120229.4.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
https://rhn.redhat.com/errata/RHSA-2012-1512.html
https://bugs.mageia.org/show_bug.cgi?id=8248