Ubuntu has issued an advisory on May 21:
http://www.ubuntu.com/usn/usn-1447-1/
Cauldron/Mageia 2 are also affected.
Patch is here:
http://launchpadlibrarian.net/105753006/libxml2_2.7.8.dfsg-5.1ubuntu4_2.7.8.dfsg-5.1ubuntu4.1.diff.gz
Created attachment 2360
libxml2-2.7.8-CVE-2011-3102.diff
Adding the patch as an attachment.
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.
Advisory:
========================
Updated libxml2 packages fix security vulnerabilities:
Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-3102).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://www.ubuntu.com/usn/usn-1447-1/
========================
Updated packages in core/updates_testing:
========================
libxml2_2-2.7.8-9.6.mga1
libxml2-utils-2.7.8-9.6.mga1
libxml2-python-2.7.8-9.6.mga1
libxml2-devel-2.7.8-9.6.mga1
libxml2_2-2.7.8-14.20120229.2.mga2
libxml2-utils-2.7.8-14.20120229.2.mga2
libxml2-python-2.7.8-14.20120229.2.mga2
libxml2-devel-2.7.8-14.20120229.2.mga2
from SRPMS:
libxml2-2.7.8-9.6.mga1.src.rpm
libxml2-2.7.8-14.20120229.2.mga2.src.rpm
Assignee: bugsquad => qa-bugs
Installed on Mageia 2, 64-bits. Everything seems to work fine. Is there any particular point to check to validate this package?
CC: (none) => olivier.delaune
It's great that you are helping Olivier, thank you :) We do have a page for this one on the wiki: https://wiki.mageia.org/en/Testing_procedure_for_libxml2
Ok, I have followed https://wiki.mageia.org/en/Testing_procedure_for_libxml2 and everything looks good. So I think these packages are validated for me.
Tested OK i586 mga2. Adding some bits to the whiteboard to help keep track.
Whiteboard: (none) => mga2-64-OK, mga2-i586-OK
Testing i586 mga1 shortly.
CC: (none) => davidwhodgins
Testing complete on i586 for Mageia 1 for the srpm libxml2-2.7.8-9.6.mga1.src.rpm
Whiteboard: mga2-64-OK, mga2-i586-OK => mga2-64-OK, mga2-i586-OK, mga1-i586-OK
Tested OK mga1 x86_64
Validating
Please see comment for advisory and SRPMs
(Please note this bug contains updates for mga1 and mga2)
Could sysadmin please push both from core/updates_testing to core/updates.
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: mga2-64-OK, mga2-i586-OK, mga1-i586-OK => mga2-64-OK, mga2-i586-OK, mga1-i586-OK, mga1-64-OK
comment 2 for advisory and srpm's
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0111
CC: (none) => tmb
Status: NEW => RESOLVED
Resolution: (none) => FIXED