Description of problem:

====
Double free vulnerabilities in libxml2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling (CVE-2011-2821, CVE-2011-2834).

Updated packages correct these issues.
====

More info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834

Pushed new release [1] to core/updates_testing which fixes this issue.

[1] libxml2-2.7.8-9.2.mga1
Not much more info :\ Certainly nothing we can use for testing.

This relates to Google Chrome, but numerous applications make use of libxml2_2. I suggest testing with a few to make sure they work as expected, unless anybody knows a better way to test this one?

$ urpmq --whatrequires libxml2_2
0ad GConf2 abiword amarok amarok anjuta anjuta-extras apache-mod_php ardour aria2 armagetron audacious-plugins audacious-plugins autofs autogen autopano-sift-C autoscan autoscan-agent avidemux avidemux avidemux avidemux-cli avidemux-cli avidemux-cli avidemux-gtk avidemux-gtk avidemux-gtk avidemux-qt avidemux-qt avidemux-qt beid-middleware beid-middleware bind bind bind-utils bind-utils bluefish brasero bug-buddy cairo-dock cairo-dock-rssreader cairo-dock-weather calligra-core calligra-mobile chromium-browser-beta chromium-browser-stable chromium-browser-stable chromium-browser-stable chromium-browser-unstable claws-mail-gtkhtml2_viewer-plugin claws-mail-rssyl-plugin clisp cman compiz compiz-fusion-plugins-main conky dconf-editor deja-dup dia dvbtune dvdauthor e_modules ekiga empathy eog epiphany evince evolution evolution-data-server evolution-exchange evolution-mono fence-agents ffado fizmo fizmo folks foomatic-db-engine fwbuilder gcalctool gcompris gda2.0 gedit geoclue glabels gmpc gmpc-discogs gmpc-jamendo gmpc-lastfm gmpc-lyrics gmpc-wikipedia gnome-applets gnome-control-center gnome-media gnome-pilot gnome-system-monitor gnote gok google-gadgets-common graphicsmagick grisbi gromacs gstreamer0.10-plugins-base gstreamer0.10-plugins-good gtkdive gtkmathview halevt heartbeat heartbeat-stonith hivex hotkeys icecast ices inkscape kdelibs4-core kdelibs4-core kdelibs4-core kiba-dock kino kipi-plugins-htmlexport kipi-plugins-htmlexport kmess kopete kopete
Tested i586 with chromium, avidemux, inkscape
Dave previously tested libxml and gave some useful info here:
https://bugs.mageia.org/show_bug.cgi?id=1669#c3

All of which tested OK i586 too
Tested OK x86_64 too

Validating

Advisory
--------------
Double free vulnerabilities in libxml2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling (CVE-2011-2821, CVE-2011-2834).

Updated packages correct these issues.
====

More info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
---------------

SRPM: libxml2-2.7.8-9.2.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
Update pushed.
CC: (none) => tmb
Status: NEW => RESOLVED
Resolution: (none) => FIXED