Mandriva issued this advisory on December 15: http://lists.mandriva.com/security-announce/2011-12/msg00013.php Patches are here: http://svn.mandriva.com/svn/packages/cooker/libxml2/current/SOURCES/libxml2-2.7.8-CVE-2011-0216.diff http://svn.mandriva.com/svn/packages/cooker/libxml2/current/SOURCES/libxml2-2.7.8-CVE-2011-3905.diff
Packages already in core/updates_testing by wally, adding him to CC. Suggested advisory: ======================== Updated libxml2 packages fix security vulnerabilities: Off-by-one error in libxml allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site (CVE-2011-0216). libxml2 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3905). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2011:188 https://bugzilla.redhat.com/show_bug.cgi?id=724906 https://bugzilla.redhat.com/show_bug.cgi?id=767387 ======================== Updated packages in core/updates_testing: ===================== libxml2-utils-2.7.8-9.3.mga1 lib(64)xml2_2-2.7.8-9.3.mga1 libxml2-python-2.7.8-9.3.mga1 lib(64)xml2-devel-2.7.8-9.3.mga1 from libxml2-2.7.8-9.3.mga1 src.rpm. ===================== No testcase.
Keywords: (none) => SecurityStatus: NEW => ASSIGNEDCC: (none) => anssi.hannula, jani.valimaaHardware: i586 => AllAssignee: bugsquad => qa-bugs
Tested successfully on i586. Made a python testcase (assuming this uses libxml2) based on a page I found on Google: http://stackoverflow.com/questions/4808753/find-occurrence-using-multiple-attributes-in-elementtree-python Save the example XML data as testdata.xml then run the following program. The output should be "run": import xml.etree.ElementTree x = xml.etree.ElementTree.ElementTree(file='testdata.xml') allcases = x.findall(".//testcase") cases = [c for c in allcases if c.get('classname') == 'TestOne' and c.get('name') == 'VHDL_BUILD_Passthrough'] print cases[0].attrib['status']
x86_64 The following 4 packages are going to be installed: - lib64xml2-devel-2.7.8-9.3.mga1.x86_64 - lib64xml2_2-2.7.8-9.3.mga1.x86_64 - libxml2-python-2.7.8-9.3.mga1.x86_64 - libxml2-utils-2.7.8-9.3.mga1.x86_64 Used David's testcase to check libxml2-python. (Thanks David) $ python testxml.py run $ xmllint --auto <?xml version="1.0"?> <info>abc</info> $ xmlcatalog --create <?xml version="1.0"?> <!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"> <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"/> Ran chromium-browser under strace to view some sample xml files I found online. $ strace -o strace.out chromium-browser $ grep xml strace.out open("/usr/lib64/libxml2.so.2", O_RDONLY) = 3 $ rpm -qif /usr/lib64/libxml2.so.2 Name : lib64xml2_2 Relocations: (not relocatable) Version : 2.7.8 Vendor: Mageia.Org Release : 9.3.mga1 Build Date: Thu 15 Dec 2011 20:20:12 GMT Install Date: Mon 09 Jan 2012 12:09:39 GMT Build Host: jonund Group : System/Libraries Source RPM: libxml2-2.7.8-9.3.mga1.src.rpm Update validated advisory: ======================== Updated libxml2 packages fix security vulnerabilities: Off-by-one error in libxml allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site (CVE-2011-0216). libxml2 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3905). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2011:188 https://bugzilla.redhat.com/show_bug.cgi?id=724906 https://bugzilla.redhat.com/show_bug.cgi?id=767387 ======================== Source RPM: libxml2-2.7.8-9.3.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
update pushed.
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED